Description
On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Arista Networks / CloudVision Portal2024.3.0 – 2024.3.0
- Arista Networks / CloudVision Portal2024.2.0 – 2024.2.1
- Arista Networks / CloudVision Portal2024.1.0 – 2024.1.2
- Arista Networks / CloudVision Portal2023.3 – 2023.3
- Arista Networks / CloudVision Portal2023.2 – 2023.2
- Arista Networks / CloudVision Portal2023.1 – 2023.1
- Arista Networks / CloudVision Portal2022.3 – 2022.3
- Arista Networks / CloudVision Portal2022.2 – 2022.2
- Arista Networks / CloudVision Portal2022.1 – 2022.1
- Arista Networks / CloudVision Portal2021.3 – 2021.3
- Arista Networks / CloudVision Portal2021.2 – 2021.2
- Arista Networks / CloudVision Portal2021.1 – 2021.1
- Arista Networks / CloudVision Portal2020.3 – 2020.3
- Arista Networks / CloudVision Portal2020.2 – 2020.2
- Arista Networks / CloudVision Portal2020.1 – 2020.1
- Arista Networks / CloudVision Portal2019.1 – 2019.1
- Arista Networks / CloudVision Portal2018.2 – 2018.2
- Arista Networks / CloudVision Portal2018.1 – 2018.1
- Arista Networks / CloudVision Portal2017.2 – 2017.2