
CVE-2024-47517

Jan. 10, 2025, 10:15 p.m.

CVSS Score

6.8 / 10

Product(s) Impacted

Arista EOS

Description

Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access.

Weaknesses

CWE-1230
Exposure of Sensitive Information Through Metadata

The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.

CWE ID: 1230

Date

Published: Jan. 10, 2025, 10:15 p.m.

Last Modified: Jan. 10, 2025, 10:15 p.m.

Status: Received

CVE has been recently published to the CVE List and has been received by the NVD.


Source

psirt@arista.com

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

Base Score: 6.8
Exploitability Score: 2.1
Impact Score: 4.7
Base Severity: MEDIUM

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.


CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

References

https://www.arista.com/ psirt@arista.com