Home

Description

On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).

PUBLISHED Reserved 2025-01-31 | Published 2025-05-07 | Updated 2025-05-08 | Assigner Arista




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-256

Product status

Default status
unaffected

4.33.0 (custom)
affected

4.32.0 (custom)
affected

4.31.0 (custom)
affected

4.30.1F (custom)
affected

References

www.arista.com/...rity-advisory/21394-security-advisory-0117

cve.org (CVE-2025-0936)

nvd.nist.gov (CVE-2025-0936)

Download JSON