156 matches found
CVE-2025-0505
Arista CloudVision ZTP privilege escalation (CVE-2025-0505) affects on-prem CloudVision Portal/CUE; ZTP can grant admin privileges beyond what’s necessary, enabling querying/manipulation of managed devices. CloudVision as-a-Service is not affected. On-premise CloudVision Portal versions listed in...
CVE-2025-0505 On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2025-0505 On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state
On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2024-8100 On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
On affected versions of the Arista CloudVision Portal CVP on-prem, the time-bound device onboarding token can be used to gain admin privileges on CloudVision...
CVE-2024-8100 On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
On affected versions of the Arista CloudVision Portal CVP on-prem, the time-bound device onboarding token can be used to gain admin privileges on CloudVision...
CVE-2024-8100
The CVE-2024-8100 issue affects Arista CloudVision Portal (CVP on-prem). A time-bound device onboarding token can grant admin privileges to CloudVision, due to improper privilege management. Affected CVP versions include those in the 2024.x and earlier trains (as detailed by Arista’s advisory), w...
Arista Networks CloudVision Portal 安全漏洞
Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A security...
Arista Networks CloudVision Portal 安全漏洞
Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A security...
Arista Networks CloudVision Portal 安全漏洞
Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A security...
PT-2025-20406 · Arista · Arista Cloudvision Portal
Name of the Vulnerable Software and Affected Versions: Arista CloudVision Portal affected versions not specified Description: The issue is related to improper access controls on the CloudVision Portal, which could allow a malicious authenticated user to perform broader actions on managed EOS...
PT-2025-20408 · Arista · Arista Cloudvision
Name of the Vulnerable Software and Affected Versions: Arista CloudVision affected versions not specified Description: The issue allows an attacker to gain admin privileges on the CloudVision system using Zero Touch Provisioning, with more permissions than necessary. This can be used to query or...
PT-2025-20407 · Arista · Arista Cloudvision Portal
Name of the Vulnerable Software and Affected Versions: Arista CloudVision Portal CVP on-prem affected versions not specified Description: The issue allows an attacker to gain admin privileges on CloudVision using a time-bound device onboarding token. Recommendations: At the moment, there is no...
Security Advisory 0114
Security Advisory 0114 . CSAF PDF Date: April 15, 2025 Revision | Date | Changes ---|---|--- 1.0 | April 15, 2025 | Initial release The CVE-ID tracking this issue: CVE-2024-11186 CVSSv3.1 Base Score: 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Common Weakness Enumeration: CWE-284 Improper...
Security Advisory 0115
Security Advisory 0115 . CSAF PDF Date: April 15, 2025 Revision | Date | Changes ---|---|--- 1.0 | April 15, 2025 | Initial release The CVE-ID tracking this issue: CVE-2025-0505 CVSSv3.1 Base Score: 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N Common Weakness Enumeration:CWE- CWE-269: Improp...
Security Advisory 0116
Security Advisory 0116 PDF Date: April 15, 2025 Revision | Date | Changes ---|---|--- 1.0 | April 15, 2025 | Initial release The CVE-ID tracking this issue: CVE-2024-8100 CVSSv3.1 Base Score: 8.7 CVSS:3.1AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N Common Weakness Enumeration: CWE-269: Improper Privilege...
CVE-2024-7142
On Arista CloudVision Appliance CVA affected releases running on appliances that support hardware disk encryption DCA-350E-CV only, the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them...
CVE-2024-7142 On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
On Arista CloudVision Appliance CVA affected releases running on appliances that support hardware disk encryption DCA-350E-CV only, the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them...
CVE-2024-7142 On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
On Arista CloudVision Appliance CVA affected releases running on appliances that support hardware disk encryption DCA-350E-CV only, the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them...
CloudVision Portal 安全漏洞
Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A security...
PT-2025-3691 · Arista · Arista Cloudvision Appliance
Name of the Vulnerable Software and Affected Versions: Arista CloudVision Appliance CVA affected versions not specified Description: The issue affects Arista CloudVision Appliance CVA releases running on appliances that support hardware disk encryption, specifically the DCA-350E-CV model. The...