55 matches found
CVE-2018-12357
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...
EUVD-2018-4331
Malware in sbrugna...
EUVD-2020-17067
Malware in sbrugna...
EUVD-2020-5377
Malware in sbrugna...
EUVD-2022-33484
Malicious code in bioql PyPI...
EUVD-2023-28562
Malicious code in bioql PyPI...
EUVD-2025-14029
Malicious code in bioql PyPI...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49143 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49143 Source advisory: OSV:GHSA-RH67-4C8J-HJJH...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49142 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49142 Source advisory: OSV:GHSA-WJW6-95H5-4JPX...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49143 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49143 Source advisory: SNYK:PYTHON-NAUTOBOT-10337820...
CVE-2020-24333
A vulnerability in Arista’s CloudVision Portal CVP prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API...
CVE-2024-8100
On affected versions of the Arista CloudVision Portal CVP on-prem, the time-bound device onboarding token can be used to gain admin privileges on CloudVision...
CVE-2025-0505
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2025-0505
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2025-0505
Arista CloudVision ZTP privilege escalation (CVE-2025-0505) affects on-prem CloudVision Portal/CUE; ZTP can grant admin privileges beyond what’s necessary, enabling querying/manipulation of managed devices. CloudVision as-a-Service is not affected. On-premise CloudVision Portal versions listed in...
CVE-2025-0505 On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2025-0505 On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2024-8100 On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
On affected versions of the Arista CloudVision Portal CVP on-prem, the time-bound device onboarding token can be used to gain admin privileges on CloudVision...
CVE-2024-8100
The CVE-2024-8100 issue affects Arista CloudVision Portal (CVP on-prem). A time-bound device onboarding token can grant admin privileges to CloudVision, due to improper privilege management. Affected CVP versions include those in the 2024.x and earlier trains (as detailed by Arista’s advisory), w...
CVE-2024-8100 On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
On affected versions of the Arista CloudVision Portal CVP on-prem, the time-bound device onboarding token can be used to gain admin privileges on CloudVision...