CVE-2023-24547 MEDIUM

CVE-2023-24547: On Arista MOS configuration of a BGP password will cause the password to be logged in clear text.

Vendor Arista Networks
Product MOS
Published December 5, 2023
Last update May 28, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.

Key dates

02Disclosure timeline

December 5, 2023 CVE published
May 28, 2025 Record updated