CVE-2025-0936

On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).
Configurations

No configuration.

History

08 May 2025, 13:15

Type Values Removed Values Added
References () https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117 - () https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117 -
Summary
  • (es) En las plataformas afectadas que ejecutan Arista EOS con un transporte gNMI habilitado, ejecutar la RPC gNOI File TransferToRemote con credenciales para un servidor remoto puede provocar que estas credenciales del servidor remoto se registren o contabilicen en el dispositivo EOS local o posiblemente en otros servidores de contabilidad remotos (es decir, TACACS, RADIUS, etc.).

07 May 2025, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-07 23:15

Updated : 2025-05-08 14:39


NVD link : CVE-2025-0936

Mitre link : CVE-2025-0936

CVE.ORG link : CVE-2025-0936


JSON object : View

Products Affected

No product.

CWE
CWE-256

Plaintext Storage of a Password