CVE-2025-3456
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-08-25
Assigner: Arista Networks, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arista | eos | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs on affected Arista EOS platforms where the global common encryption key configuration may be logged in clear text within local or remote accounting logs. If an attacker gains knowledge of this encryption key along with protocol-specific encrypted secrets from the device's running configuration, they could potentially obtain protocol-specific passwords used for symmetric authentication between devices with neighbor protocol relationships.
How can this vulnerability impact me?
The vulnerability could allow an attacker with access to logs and device configurations to retrieve encryption keys and protocol-specific passwords. This could lead to unauthorized access or manipulation of network device communications that rely on symmetric passwords, potentially compromising network security and device integrity.