PT-2023-30909 · Nautobot+2 · Nautobot Device Onboarding Plugin+2

Whitej6 · Published 2023-11-21 · Updated 2023-11-30 · CVE-2023-48700

CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Nautobot Device Onboarding plugin versions 2.0.0 through 2.0.2
Nautobot Device Onboarding plugin versions 2.0.0 through 2.0.x

Description

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot. Credentials provided to onboarding tasks are visible via Job Results from an execution of an Onboarding Task. This issue is fixed in version 3.0.0.

Recommendations

For versions 2.0.0 through 2.0.2, delete all Job Results for any onboarding task to remove clear text credentials from database entries.
For versions 2.0.0 through 2.0.x, upgrade to version 3.0.0. Rotate any exposed credentials.

Exploit

Fix

Information Disclosure

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2023-48700
GHSA-QF3C-RW9F-JH7V
PYSEC-2023-288

Affected Products

Napalm
Nautobot Device Onboarding Plugin
Netmiko