CVE-2024-8100

Published: May 8, 2025Modified: May 12, 2025

8.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Exploitability: 2.3 / Impact: 5.8

Source: psirt@arista.com (Secondary)

Description

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://www.arista.com/en/support/advisories-notices/security-advisory/21316-security-advisory-0116

Source: psirt@arista.com

Timeline

No history available yet.