On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.
References
Link | Resource |
---|---|
https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
26 Jun 2023, 17:33
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CPE | cpe:2.3:a:arista:cloudvision_portal:2022.1.1:*:*:*:*:*:*:* cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:* cpe:2.3:a:arista:cloudvision_portal:2022.2.0:*:*:*:*:*:*:* cpe:2.3:a:arista:cloudvision_portal:2022.1.0:*:*:*:*:*:*:* cpe:2.3:a:arista:cloudvision_portal:2022.2.1:*:*:*:*:*:*:* cpe:2.3:a:arista:cloudvision_portal:2022.3.0:*:*:*:*:*:*:* |
|
CWE | CWE-863 | |
First Time |
Arista cloudvision Portal
Arista |
|
References | (MISC) https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083 - Vendor Advisory |
13 Jun 2023, 21:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-13 21:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-24546
Mitre link : CVE-2023-24546
CVE.ORG link : CVE-2023-24546
JSON object : View
Products Affected
arista
- cloudvision_portal