On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).
References
Configurations
No configuration.
History
08 May 2025, 13:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117 - | |
Summary |
|
07 May 2025, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-07 23:15
Updated : 2025-05-08 14:39
NVD link : CVE-2025-0936
Mitre link : CVE-2025-0936
CVE.ORG link : CVE-2025-0936
JSON object : View
Products Affected
No product.
CWE
CWE-256
Plaintext Storage of a Password