CVE-2024-8100

Description

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected products

Arista Networks / CloudVision2024.3.0 – 2024.3.0
Arista Networks / CloudVision2024.0 – 2024.2
Arista Networks / CloudVision2023.3.0 – 2023.3.1
Arista Networks / CloudVision2023.0 – 2023.2
Arista Networks / CloudVision2022 – 2022
Arista Networks / CloudVision2021 – 2021
Arista Networks / CloudVision2020 – 2020
Arista Networks / CloudVision2019 – 2019
Arista Networks / CloudVision2018 – 2018

References

VENDOR_ADVISORYhttps://www.arista.com/en/support/advisories-notices/security-advisory/21316-security-advisory-0116