CVE-2023-24546
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
25.8%
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| arista | cloudvision_portal | * | cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:* |
| arista | cloudvision_portal | 2022.1.0 | cpe:2.3:a:arista:cloudvision_portal:2022.1.0:*:*:*:*:*:*:* |
| arista | cloudvision_portal | 2022.1.1 | cpe:2.3:a:arista:cloudvision_portal:2022.1.1:*:*:*:*:*:*:* |
| arista | cloudvision_portal | 2022.2.0 | cpe:2.3:a:arista:cloudvision_portal:2022.2.0:*:*:*:*:*:*:* |
| arista | cloudvision_portal | 2022.2.1 | cpe:2.3:a:arista:cloudvision_portal:2022.2.1:*:*:*:*:*:*:* |
| arista | cloudvision_portal | 2022.3.0 | cpe:2.3:a:arista:cloudvision_portal:2022.3.0:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
25.8%