Lucene search

AristaCVE-2023-24546

HistoryJun 13, 2023 - 9:15 p.m.

CVE-2023-24546

2023-06-1321:15:09

CWE-284

CWE-863

Arista

web.nvd.nist.gov

cve-2023-24546

cloudvision portal

access control

security vulnerability

arista

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.

Affected configurations

Nvd

Node

aristacloudvision_portalRange2021.1–2021.3

aristacloudvision_portalMatch2022.1.0

aristacloudvision_portalMatch2022.1.1

aristacloudvision_portalMatch2022.2.0

aristacloudvision_portalMatch2022.2.1

aristacloudvision_portalMatch2022.3.0

VendorProductVersionCPE
aristacloudvision_portal*cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*
aristacloudvision_portal2022.1.0cpe:2.3:a:arista:cloudvision_portal:2022.1.0:*:*:*:*:*:*:*
aristacloudvision_portal2022.1.1cpe:2.3:a:arista:cloudvision_portal:2022.1.1:*:*:*:*:*:*:*
aristacloudvision_portal2022.2.0cpe:2.3:a:arista:cloudvision_portal:2022.2.0:*:*:*:*:*:*:*
aristacloudvision_portal2022.2.1cpe:2.3:a:arista:cloudvision_portal:2022.2.1:*:*:*:*:*:*:*
aristacloudvision_portal2022.3.0cpe:2.3:a:arista:cloudvision_portal:2022.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arista	cloudvision_portal	*	cpe:2.3:a:arista:cloudvision_portal::::::::
arista	cloudvision_portal	2022.1.0	cpe:2.3:a:arista:cloudvision_portal:2022.1.0:::::::*
arista	cloudvision_portal	2022.1.1	cpe:2.3:a:arista:cloudvision_portal:2022.1.1:::::::*
arista	cloudvision_portal	2022.2.0	cpe:2.3:a:arista:cloudvision_portal:2022.2.0:::::::*
arista	cloudvision_portal	2022.2.1	cpe:2.3:a:arista:cloudvision_portal:2022.2.1:::::::*
arista	cloudvision_portal	2022.3.0	cpe:2.3:a:arista:cloudvision_portal:2022.3.0:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "CloudVision",
    "versions": [
      {
        "version": "<2021.1.0, <2021.2.0, <2021.3.0,",
        "status": "affected"
      }
    ]
  }
]

References

www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

Related for CVE-2023-24546