Security Advisory 0083

Security Advisory 0083 . CSAF PDF Date: March 7, 2023 Revision | Date | Changes ---|---|--- 1.0 | March 7, 2023 | Initial release The CVE-ID tracking this issue: CVE-2023-24546 --- CVSSv3.1 Base Score: 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L Note: This issue has been filed on MITRE as...

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2023-25657 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2023-25657 Source advisory: OSV:PYSEC-2023-37...

CVE-2022-29071

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal CVP where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords...

CVE-2022-29071

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal CVP where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords...

Race condition

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal CVP where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords...

CVE-2022-29071 This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vu ...

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal CVP where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords...

CVE-2022-29071

Arista CloudVision Portal (CVP) on-premises is affected. Under certain conditions, CVP user login passwords can be leaked to other authenticated users via Audit and System logs. The issue is documented in ARISTA Security Advisory 0079 and CVE-2022-29071, with fixed releases CVP 2022.1.1 and CVP 2...

Arista Networks CloudVision Portal 日志信息泄露漏洞

Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A log...

PT-2022-19399 · Arista · Arista Cloudvision Portal

Name of the Vulnerable Software and Affected Versions: Arista CloudVision Portal CVP affected versions not specified Description: The issue concerns a vulnerability in the on-premises deployment model of Arista CloudVision Portal CVP where, under specific conditions, user passwords can be leaked ...

CVE-2022-29071

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal CVP where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords...

Security Advisory 0079

Security Advisory 0079 . CSAF PDF Date: July 26th, 2022 Revision | Date | Changes ---|---|--- 1.0 | July 26th 2022 | Initial release CVE-2022-2907 The CVE-ID tracking this issue: CVE-2022-29071 CVSSv3.1 Base Score: 4.0 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Common Weakness Enumeration CWE: CWE-200...

Directory Traversal Vulnerability in Huijitong Cloud Vision of Beijing Zhongchuang Vision Technology Co.

Huijitong CloudVision is an operation-level cloud video platform developed by Beijing Zhongchuang Vision Technology Co., Ltd, which can simultaneously satisfy the zero distance of enterprise communication and collaboration. A directory traversal vulnerability exists in Huijitong CloudVision, whic...

Arbitrary file reading vulnerability exists in Saida Technology's CloudVision video conferencing terminal

Anhui Saida Technology Co., Ltd. focuses on intelligent cloud video industry, based on the network of communication carriers, using a new generation of information technology to create a "cloud video application engine", focusing on big data application platforms, intelligent terminal product...

Security Advisory 0062

Security Advisory 0062 PDF Updated: March 29th, 2021 Revision | Date | Changes ---|---|--- 1.0 | March 16th, 2021 | Initial Release 1.1 | March 29th, 2021 | -Telegraf removed from affected EOS features - Influxdb removed from affected components in MOS - Added config for SSL profile with trust...

Weak Password Vulnerability in CloudVision C21

CloudVision C21 is a security product under China Mobile, HD video conferencing terminal. CloudVision C21 suffers from a weak password vulnerability, which can be exploited by an attacker to log in directly and obtain critical information...

CVE-2020-13100

Arista’s CloudVision eXchange CVX server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service crash and restart in the ControllerOob agent via a malformed control-plane packet...

CVE-2020-13100

Arista’s CloudVision eXchange CVX server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service crash and restart in the ControllerOob agent via a malformed control-plane packet...

CVE-2020-13100

Arista’s CloudVision eXchange CVX server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service crash and restart in the ControllerOob agent via a malformed control-plane packet...

Security Advisory 0052

Security Advisory 0052 PDF Date: October 7th, 2020 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | October 7th, 2020 | Initial Release The CVE-ID tracking this issue is: CVE-2020-13100 CVSSv3 Base Score: 7.5/10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description This advisory...

CVE-2020-24333

A vulnerability in Arista’s CloudVision Portal CVP prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API...