CVE-2025-3456

{"id": "CVE-2025-3456", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@arista.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.0}]}, "published": "2025-08-25T20:15:39.907", "references": [{"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22022-security-advisory-0122", "source": "psirt@arista.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@arista.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships."}, {"lang": "es", "value": "En las plataformas afectadas que ejecutan Arista EOS, la configuraci\u00f3n de la clave de cifrado com\u00fan global puede registrarse en texto plano, en registros de contabilidad locales o remotos. El conocimiento de la clave de cifrado y los secretos cifrados espec\u00edficos del protocolo del dispositivo que ejecuta la configuraci\u00f3n podr\u00eda utilizarse para obtener contrase\u00f1as espec\u00edficas del protocolo en casos donde se requieran contrase\u00f1as sim\u00e9tricas entre dispositivos con protocolos vecinos."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@arista.com"}