CVE-2023-24546

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.

Published: Jun 13, 2023
Updated: Jun 27, 2023
CVE: CVE-2023-24546
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
arista / cloudvision_portal	2022.1.0	2022.1.0.x
arista / cloudvision_portal	2022.1.1	2022.1.1.x
arista / cloudvision_portal	2022.2.0	2022.2.0.x
arista / cloudvision_portal	2022.2.1	2022.2.1.x
arista / cloudvision_portal	2022.3.0	2022.3.0.x
arista / cloudvision_portal	2021.1	2021.3.x

https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083

Vulnerability Database

289,599

CVE-2023-24546