This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vu ...
CVE-2022-29071

4MEDIUM

Key Information:

Vendor: Arista Networks
Status: Cloudvision Portal
Vendor: CVE Published:; 5 August 2022

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2022-29071?

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.

Affected Version(s)

CloudVision Portal 2020.2

CloudVision Portal 2020.3

CloudVision Portal 2021.1

References

https://www.arista.com/en/support/advisories-notices/secu...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2022
Vulnerability Reserved
Apr 11, 2022