CVE-2022-29071

Description

This advisory documents an internally found vulnerability in the on-premises deployment model of Arista CloudVision Portal (CVP) where, under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that CVP user login passwords might be leaked to other authenticated users.

Remediation

Solution:

  • The recommended resolution is to upgrade to a remediated software version at your earliest convenience:
      • CVP 2022.1.1
      • CVP 2022.2.0 (pending release)

Workaround:

  • It is recommended for users logging into CVP to change their password and ensure that it is the same as the enable password on the switch. As a security best practice, it is recommended to restrict access to the CVP application and host operating system to trusted users/user groups and periodically rotate user passwords.

CVSS: 4.0 (CVSS 3.1)
Severity: Medium
EPSS: 0.05%
Vendor Advisory: arista.com
Affected: Arista Networks CloudVision Portal

Frequently Asked Questions

What is the severity of CVE-2022-29071?
CVE-2022-29071 has been scored as a medium severity vulnerability.
How to fix CVE-2022-29071?
To fix CVE-2022-29071: The recommended resolution is to upgrade to a remediated software version at your earliest convenience: CVP 2022.1.1, CVP 2022.2.0 (pending release).
Is CVE-2022-29071 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2022-29071 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-29071?
CVE-2022-29071 affects Arista Networks CloudVision Portal.