First published: Fri Aug 05 2022(Updated: )
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.
Credit: psirt@arista.com psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista CloudVision Portal | >=2020.2.0<=2022.1.0 |
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. CVP 2022.1.1 CVP 2022.2.0 (pending release)
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-29071 is a vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where user passwords can be leaked in the Audit and System logs.
The impact of CVE-2022-29071 is that the user login passwords in Arista CloudVision Portal (CVP) can be leaked.
CVE-2022-29071 has a severity rating of 5.5, which is classified as medium.
CVE-2022-29071 affects Arista CloudVision Portal versions between 2020.2.0 and 2022.1.0.
To fix CVE-2022-29071, it is recommended to update Arista CloudVision Portal to a version beyond 2022.1.0.