CVE-2023-24547: 
Homebrew vulnerability analysis and mitigation

CVE-2023-24547 is a security vulnerability affecting Arista MOS (Metamako Operating System) platforms. The vulnerability was discovered internally by Arista and disclosed on December 5, 2023. The issue affects MOS versions from 0.13.0 onwards, specifically impacting Arista 7130 Systems running MOS and Pre-Arista labeled devices (Metamako). When a BGP password is configured, the system exposes the password in clear text both in local logs and remote logging servers, accessible to authenticated users, as well as in the device's running configuration (Vendor Advisory).

The vulnerability has been assigned a CVSSv3.1 Base Score of 5.9 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H. The vulnerability is classified under CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer. The issue specifically manifests when a BGP password is configured in plain text, exposing sensitive authentication credentials in system logs and configurations (Vendor Advisory).

The exposure of BGP passwords in clear text could result in unauthorized route announcements from malicious peers or cause traffic loss. The vulnerability affects network security by potentially allowing authenticated users to access sensitive BGP authentication credentials through local logs, remote logging servers, or the device's running configuration (Vendor Advisory).

The recommended resolution is to upgrade to remediated software versions: MOS-0.36.10 and later releases in the MOS-0.36.x train, or MOS-0.39.4 and later releases in the MOS-0.39.x train. Additionally, Arista recommends rotating the BGP password after upgrading, as the issue may have caused the password to be saved in logs and remote AAA servers. A hotfix is available for specific older versions. After upgrading, the BGP password will be obfuscated with the type-7 algorithm (Vendor Advisory).