Cleartext Packet Transmission in Arista EOS with Secure Vxlan Configuration
CVE-2024-12378
9.1CRITICAL
What is CVE-2024-12378?
A vulnerability exists in Arista EOS when operating with secure Vxlan configured. Restarting the Tunnelsec agent can lead to unintended transmission of packets in cleartext over these secure tunnels, potentially exposing sensitive network data to interception.
Affected Version(s)
CloudVision Portal 4.32.0 <= 4.32.2F
CloudVision Portal 4.31.0 <= 4.31.6M
CloudVision Portal 4.30.0 <= 4.30.8M
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved