Lucene search
K
AristaCloudvision Portal

10 matches found

CVE
CVE
added 2026/04/22 8:15 a.m.849 views

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

7.8CVSS5.6AI score0.96267EPSS
In wild
CVE
CVE
added 2019/10/24 9:7 p.m.295 views

CVE-2019-17596

CVE-2019-17596 affects Go (Go before 1.12.11 and 1.3.x before 1.13.2) and can cause a panic when processing network traffic that contains an invalid DSA public key, e.g., traffic between clients and servers that verify client certificates. Connected advisories show affected Go versions and explic...

7.5CVSS7.3AI score0.04693EPSS
CVE
CVE
added 2020/06/06 6:18 p.m.152 views

CVE-2020-13881

CVE-2020-13881 affects pam_tacplus where the TACACS+ shared secret is logged via journald/syslog when DEBUG is enabled. The initial description notes logging of the shared secret for versions 1.3.8–1.5.1. Connected advisories confirm affected packages and provide remediation: Debian/Ubuntu adviso...

7.5CVSS7.4AI score0.01673EPSS
CVE
CVE
added 2023/06/13 12:0 a.m.86 views

CVE-2023-24546

CVE-2023-24546 affects on-prem Arista CloudVision Portal. A bug in the authorization layer allowed a malicious actor with network access to CloudVision to gain broader access to telemetry and configuration data. The attack surface is limited to CloudVision Portal deployments (not CloudVision as-a...

8.1CVSS7.9AI score0.00474EPSS
CVE
CVE
added 2019/12/19 6:17 p.m.79 views

CVE-2019-18181

Arista CloudVision Portal is affected in all releases of the 2018.1 and 2018.2 code trains. The issue allows users with read-only permissions to bypass restrictions for certain functionality via CVP API calls through the Configlet Builder modules, potentially letting authenticated read-only users...

7.8CVSS7.5AI score0.0034EPSS
CVE
CVE
added 2022/08/05 4:47 p.m.72 views

CVE-2022-29071

Arista CloudVision Portal (CVP) on-premises is affected. Under certain conditions, CVP user login passwords can be leaked to other authenticated users via Audit and System logs. The issue is documented in ARISTA Security Advisory 0079 and CVE-2022-29071, with fixed releases CVP 2022.1.1 and CVP 2...

5.5CVSS4.7AI score0.00193EPSS
CVE
CVE
added 2019/12/19 4:39 p.m.69 views

CVE-2019-18615

CVE-2019-18615 applies to Arista’s CloudVision Portal (CVP) 2018.2 train. Under certain conditions, CVP logs user passwords in plain text for specific API calls: (1) devices have enable passwords different from the user login password, or (2) configlet builders use the Device class and specify us...

4.9CVSS5.1AI score0.00494EPSS
CVE
CVE
added 2017/01/23 9:0 p.m.52 views

CVE-2016-9012

CVE-2016-9012 concerns Arista Networks CloudVision Portal (CVP) before 2016.1.2.1. The issue allows a remote authenticated user with access to the management plane to gain access to internal configuration mechanisms via the management interface, related to a request to /web/system/console/bundle....

8.8CVSS8.4AI score0.01512EPSS
CVE
CVE
added 2019/08/15 4:27 p.m.51 views

CVE-2018-12357

CVE-2018-12357 affects Arista CloudVision Portal up to version 2018.1.1, where an incorrect permissions issue could let an authenticated user with access to Account Management read/write access access sensitive information of other users. The Red Hat and Arista advisories confirm the vulnerabilit...

6.5CVSS6.5AI score0.00774EPSS
CVE
CVE
added 2020/09/22 2:50 p.m.51 views

CVE-2020-24333

The CVE-2020-24333 issue affects Arista’s CloudVision Portal (CVP) prior to 2020.2, where users with read-only or higher access to the Configlet Management module can download files not intended for access via a specific API. The vulnerability’s impact is the exposure of server-hosted files to au...

6.5CVSS6.4AI score0.00835EPSS