CVE-2023-24546

Published: Jun 13, 2023Modified: Jan 6, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.

Affected (6)

Products: Arista: Cloudvision Portal

Arista

1 product

Cloudvision Portal

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Arista Cloudvision Portal	From 2021.1 to 2021.3
Arista Cloudvision Portal	Version 2022.1.0
Arista Cloudvision Portal	Version 2022.1.1
Arista Cloudvision Portal	Version 2022.2.0
Arista Cloudvision Portal	Version 2022.2.1
Arista Cloudvision Portal	Version 2022.3.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083

Source: psirt@arista.com

Vendor Advisory

https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.