Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveAristaCVE-2022-29071
HistoryAug 05, 2022 - 5:15 p.m.

CVE-2022-29071

2022-08-0517:15:08
CWE-532
CWE-200
Arista
web.nvd.nist.gov
39
4
cve-2022-29071
arista
cloudvision portal
cvp
on-prem
password leakage
logs
vulnerability
nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0

Percentile

12.6%

JSON

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.

Affected configurations

Nvd
Node
aristacloudvision_portalRange2020.2.02022.1.0
VendorProductVersionCPE
aristacloudvision_portal*cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "CloudVision Portal",
    "vendor": "Arista Networks",
    "versions": [
      {
        "status": "affected",
        "version": "2020.2"
      },
      {
        "status": "affected",
        "version": "2020.3"
      },
      {
        "status": "affected",
        "version": "2021.1"
      },
      {
        "status": "affected",
        "version": "2021.2"
      },
      {
        "status": "affected",
        "version": "2021.3"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
nvd 1
prion 1
arista 1
cvelist
cvelist
CVE-2022-29071 This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vu ...
2022-08-05 16:47:17
nvd
nvd
CVE-2022-29071
2022-08-05 17:15:08
prion
prion
Race condition
2022-08-05 17:15:00
arista
arista
Security Advisory 0079
2022-07-26 00:00:00

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0

Percentile

12.6%

JSON
Related for CVE-2022-29071
cvelist1nvd1prion1arista1