CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 0.002 Low (Percentile 53.6%)
| Revision | Date | Changes |
|---|---|---|
| 1.0 | July 26th 2022 | Initial release |
This advisory documents an internally found vulnerability in the on-premises deployment model of Arista CloudVision Portal (CVP) where, under a certain set of conditions, user passwords can be leaked in the Audit and System logs.
The impact of this vulnerability is that CVP user login passwords might be disclosed to other authenticated users.
While this advisory is similar to Arista Security Advisory 0045, it is different both in the underlying root cause and in that it discloses the passwords in the audit logs.
This issue is specific to using CVP user authentication via local (user accounts local to CVP application), TACACS or RADIUS, thus only applicable to the on-premises CloudVision Portal; CloudVision as-a-Service does not use these modes of authentication and is not affected by this issue.
This issue was discovered by an Arista customer and Arista is not aware of any malicious use of this issue in customer networks.
The following CloudVision Portal products are affected when running the previously mentioned software versions:
The following product versions and platforms are not affected by this vulnerability:
In order for this vulnerability to occur, the following conditions must all be met:
User passwords will appear in logs.
It is recommended for users logging into CVP to change their password and ensure that it is the same as the enable password on the switch. As a security best practice, it is recommended to restrict access to the CVP application and host operating system to trusted users/user groups and periodically rotate user passwords.
The recommended resolution is to upgrade to a remediated software version at your earliest convenience.
No hotfix will be made available for this issue.
The following versions contain a fix for this vulnerability:
If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:
By email:
By telephone: 408-547-5502; 866-476-0000
Contact information needed to open a new service request may be found at: https://www.arista.com/en/support/customer-support