Lucene search
K

157 matches found

CVE
CVE
added 2019/12/19 6:17 p.m.79 views

CVE-2019-18181

Arista CloudVision Portal is affected in all releases of the 2018.1 and 2018.2 code trains. The issue allows users with read-only permissions to bypass restrictions for certain functionality via CVP API calls through the Configlet Builder modules, potentially letting authenticated read-only users...

7.8CVSS7.5AI score0.0034EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/19 6:17 p.m.36 views

CVE-2019-18181

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only...

7.6AI score0.0034EPSS
Exploits0References1
NVD
NVD
added 2019/12/19 5:15 p.m.30 views

CVE-2019-18615

In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...

4.9CVSS5.1AI score0.00494EPSS
Exploits0References1
OSV
OSV
added 2019/12/19 5:15 p.m.7 views

CVE-2019-18615

In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...

4.9CVSS5.8AI score0.00494EPSS
Exploits0References1
Prion
Prion
added 2019/12/19 5:15 p.m.24 views

Design/Logic Flaw

In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...

3.5CVSS5AI score0.00494EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/19 4:39 p.m.29 views

CVE-2019-18615

In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...

5.1AI score0.00494EPSS
Exploits0References1
CVE
CVE
added 2019/12/19 4:39 p.m.68 views

CVE-2019-18615

CVE-2019-18615 applies to Arista’s CloudVision Portal (CVP) 2018.2 train. Under certain conditions, CVP logs user passwords in plain text for specific API calls: (1) devices have enable passwords different from the user login password, or (2) configlet builders use the Device class and specify us...

4.9CVSS5.1AI score0.00494EPSS
Exploits0References1Affected Software1
Arista
Arista
added 2019/12/04 12:0 a.m.40 views

Security Advisory 0045

Security Advisory 0045 PDF Date: December 4th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | December 4, 2019 | Initial Release CVE-ID tracking this issue is: CVE-2019-18615 CVSSv3 Base Score: 7.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N Description: This advisory documents th...

4.9CVSS5AI score0.00494EPSS
Exploits0
Arista
Arista
added 2019/12/04 12:0 a.m.41 views

Security Advisory 0044

Security Advisory 0044 PDF Date: December 4th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | December 4, 2019 | Initial Release The CVE-ID tracking this issue is: CVE-2019-18181 CVSSv3 Base Score: 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N Description: This advisory document...

7.8CVSS7.9AI score0.0034EPSS
Exploits0
Arista
Arista
added 2019/11/06 12:0 a.m.102 views

Security Advisory 0043

Security Advisory 0043 PDF Date: November 6th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | November 6th, 2019 | Initial Release The CVE-IDs tracking this issue: CVE-2019-9512, CVE-2019-9514, and CVE-2019-9515 CVSSv3 Base Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description...

7.8CVSS7.8AI score0.87806EPSS
Exploits1
NVD
NVD
added 2019/08/15 5:15 p.m.22 views

CVE-2018-12357

Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...

6.5CVSS6.5AI score0.00774EPSS
Exploits0References2
OSV
OSV
added 2019/08/15 5:15 p.m.4 views

CVE-2018-12357

Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...

6.5CVSS5.8AI score0.00774EPSS
Exploits0References2
Prion
Prion
added 2019/08/15 5:15 p.m.12 views

Code injection

Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...

4CVSS6.5AI score0.00774EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/15 4:27 p.m.23 views

CVE-2018-12357

Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...

6.5AI score0.00774EPSS
Exploits0References2
CVE
CVE
added 2019/08/15 4:27 p.m.49 views

CVE-2018-12357

CVE-2018-12357 affects Arista CloudVision Portal up to version 2018.1.1, where an incorrect permissions issue could let an authenticated user with access to Account Management read/write access access sensitive information of other users. The Red Hat and Arista advisories confirm the vulnerabilit...

6.5CVSS6.5AI score0.00774EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/13 12:0 a.m.6 views

PT-2019-3016 · Google +10 · Golang.Org/X/Net/Http2 +11

Name of the Vulnerable Software and Affected Versions: HTTP/2 implementations affected versions not specified golang.org/x/net/http2 affected versions not specified Arista’s EOS affected versions not specified Arista’s CloudVision Portal affected versions not specified Access Points with OpenConf...

9.8CVSS6.5AI score0.95707EPSS
Exploits64References814
Positive Technologies
Positive Technologies
added 2019/08/12 12:0 a.m.7 views

PT-2019-3472 · Apache +16 · Apache Traffic Server +30

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions affected versions not specified H2O versions affected versions not specified Node.js versions affected versions not specified SwiftNIO versions affected versions not specified Arista EOS versions affected versio...

9.8CVSS6.6AI score0.95707EPSS
Exploits55References654
Arista
Arista
added 2019/01/16 12:0 a.m.87 views

Security Advisory 0039

Security Advisory 0039 PDF Date: January 16th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | January 16th, 2019 | Initial Release The CVE-IDs tracking this issue are CVE-2018-16873, CVE-2018-16874 and CVE-2018-16875 Description This advisory is to document the impact of...

8.1CVSS7.7AI score0.66252EPSS
Exploits0
Arista
Arista
added 2018/08/14 12:0 a.m.66 views

Security Advisory 0037

Security Advisory 0037 . CSAF PDF Date: August 14th, 2018 Last Updated: March 25th, 2019 Version: 1.1 Revision | Date | Changes ---|---|--- 1.0 | August 14, 2018 | Initial Release 1.1 | March 25, 2019 | Updated with Remediated versions The CVE-ID tracking this issue is CVE-2018-5391 CVSS v2: 7.8...

7.8CVSS6.3AI score0.24575EPSS
Exploits0Affected Software1
Arista
Arista
added 2018/07/03 12:0 a.m.27 views

Security Advisory 0035

Security Advisory 0035 . CSAF PDF Date: July 3, 2018 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | July 3, 2018 | Initial Release Arista CloudVision Portal Incorrect Permissions Vulnerability - CVE-2018-12357 CVSS v3: 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N This advisory is to document...

6.5CVSS6.5AI score0.00774EPSS
Exploits0
Rows per page
Query Builder