157 matches found
CVE-2019-18181
Arista CloudVision Portal is affected in all releases of the 2018.1 and 2018.2 code trains. The issue allows users with read-only permissions to bypass restrictions for certain functionality via CVP API calls through the Configlet Builder modules, potentially letting authenticated read-only users...
CVE-2019-18181
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only...
CVE-2019-18615
In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...
CVE-2019-18615
In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...
Design/Logic Flaw
In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...
CVE-2019-18615
In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...
CVE-2019-18615
CVE-2019-18615 applies to Arista’s CloudVision Portal (CVP) 2018.2 train. Under certain conditions, CVP logs user passwords in plain text for specific API calls: (1) devices have enable passwords different from the user login password, or (2) configlet builders use the Device class and specify us...
Security Advisory 0045
Security Advisory 0045 PDF Date: December 4th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | December 4, 2019 | Initial Release CVE-ID tracking this issue is: CVE-2019-18615 CVSSv3 Base Score: 7.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N Description: This advisory documents th...
Security Advisory 0044
Security Advisory 0044 PDF Date: December 4th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | December 4, 2019 | Initial Release The CVE-ID tracking this issue is: CVE-2019-18181 CVSSv3 Base Score: 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N Description: This advisory document...
Security Advisory 0043
Security Advisory 0043 PDF Date: November 6th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | November 6th, 2019 | Initial Release The CVE-IDs tracking this issue: CVE-2019-9512, CVE-2019-9514, and CVE-2019-9515 CVSSv3 Base Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description...
CVE-2018-12357
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...
CVE-2018-12357
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...
Code injection
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...
CVE-2018-12357
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...
CVE-2018-12357
CVE-2018-12357 affects Arista CloudVision Portal up to version 2018.1.1, where an incorrect permissions issue could let an authenticated user with access to Account Management read/write access access sensitive information of other users. The Red Hat and Arista advisories confirm the vulnerabilit...
PT-2019-3016 · Google +10 · Golang.Org/X/Net/Http2 +11
Name of the Vulnerable Software and Affected Versions: HTTP/2 implementations affected versions not specified golang.org/x/net/http2 affected versions not specified Arista’s EOS affected versions not specified Arista’s CloudVision Portal affected versions not specified Access Points with OpenConf...
PT-2019-3472 · Apache +16 · Apache Traffic Server +30
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions affected versions not specified H2O versions affected versions not specified Node.js versions affected versions not specified SwiftNIO versions affected versions not specified Arista EOS versions affected versio...
Security Advisory 0039
Security Advisory 0039 PDF Date: January 16th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | January 16th, 2019 | Initial Release The CVE-IDs tracking this issue are CVE-2018-16873, CVE-2018-16874 and CVE-2018-16875 Description This advisory is to document the impact of...
Security Advisory 0037
Security Advisory 0037 . CSAF PDF Date: August 14th, 2018 Last Updated: March 25th, 2019 Version: 1.1 Revision | Date | Changes ---|---|--- 1.0 | August 14, 2018 | Initial Release 1.1 | March 25, 2019 | Updated with Remediated versions The CVE-ID tracking this issue is CVE-2018-5391 CVSS v2: 7.8...
Security Advisory 0035
Security Advisory 0035 . CSAF PDF Date: July 3, 2018 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | July 3, 2018 | Initial Release Arista CloudVision Portal Incorrect Permissions Vulnerability - CVE-2018-12357 CVSS v3: 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N This advisory is to document...