FKIE_CVE-2025-3456
Vulnerability from fkie_nvd - Published: 2025-08-25 20:15 - Updated: 2025-08-25 20:24
Summary
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
```json
{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships."
    },
    {
      "lang": "es",
      "value": "En las plataformas afectadas que ejecutan Arista EOS, la configuraci\u00f3n de la clave de cifrado com\u00fan global puede registrarse en texto plano, en registros de contabilidad locales o remotos. El conocimiento de la clave de cifrado y los secretos cifrados espec\u00edficos del protocolo del dispositivo que ejecuta la configuraci\u00f3n podr\u00eda utilizarse para obtener contrase\u00f1as espec\u00edficas del protocolo en casos donde se requieran contrase\u00f1as sim\u00e9tricas entre dispositivos con protocolos vecinos."
    }
  ],
  "id": "CVE-2025-3456",
  "lastModified": "2025-08-25T20:24:45.327",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 1.4,
        "source": "psirt@arista.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-25T20:15:39.907",
  "references": [
    {
      "source": "psirt@arista.com",
      "url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22022-security-advisory-0122"
    }
  ],
  "sourceIdentifier": "psirt@arista.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "psirt@arista.com",
      "type": "Secondary"
    }
  ]
}
```
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.