Vulnerabilites related to Arista Networks - CloudVision Portal
CVE-2024-11186 (GCVE-0-2024-11186)
Vulnerability from cvelistv5
Published
2025-05-08 18:47
Modified
2025-05-08 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Portal |
Version: 2024.3.0 Version: 2024.2.0 < Version: 2024.1.0 < Version: 2023.3 Version: 2023.2 Version: 2023.1 Version: 2022.3 Version: 2022.2 Version: 2022.1 Version: 2021.3 Version: 2021.2 Version: 2021.1 Version: 2020.3 Version: 2020.2 Version: 2020.1 Version: 2019.1 Version: 2018.2 Version: 2018.1 Version: 2017.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:00:51.701556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:01:23.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Portal",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "2024.3.0"
},
{
"lessThanOrEqual": "2024.2.1",
"status": "affected",
"version": "2024.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2024.1.2",
"status": "affected",
"version": "2024.1.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "2023.3"
},
{
"status": "affected",
"version": "2023.2"
},
{
"status": "affected",
"version": "2023.1"
},
{
"status": "affected",
"version": "2022.3"
},
{
"status": "affected",
"version": "2022.2"
},
{
"status": "affected",
"version": "2022.1"
},
{
"status": "affected",
"version": "2021.3"
},
{
"status": "affected",
"version": "2021.2"
},
{
"status": "affected",
"version": "2021.1"
},
{
"status": "affected",
"version": "2020.3"
},
{
"status": "affected",
"version": "2020.2"
},
{
"status": "affected",
"version": "2020.1"
},
{
"status": "affected",
"version": "2019.1"
},
{
"status": "affected",
"version": "2018.2"
},
{
"status": "affected",
"version": "2018.1"
},
{
"status": "affected",
"version": "2017.2"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIn order to be vulnerable to CVE-2024-11186, the following condition must be met:\u003c/div\u003e\u003cul\u003e\u003cli\u003eA user must be able to authenticate with CloudVision\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-11186, the following condition must be met:\n\n * A user must be able to authenticate with CloudVision"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:47:52.859Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21314-security-advisory-0114"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==\"\u003eCloudVision Users Guide\u003c/a\u003e.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-11186 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e2025.1.0 and later releases in the 2025.1.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.1.3 and later releases in the 2024.1.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see CloudVision Users Guide https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ== .\n\n\u00a0\n\nCVE-2024-11186 has been fixed in the following releases:\n\n * 2025.1.0 and later releases in the 2025.1.x train\n * 2024.3.1 and later releases in the 2024.3.x train\n * 2024.2.2 and later releases in the 2024.2.x train\n * 2024.1.3 and later releases in the 2024.1.x train"
}
],
"source": {
"advisory": "114",
"defect": [
"BUG 1029707"
],
"discovery": "INTERNAL"
},
"title": "On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-prem",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to append the following to /etc/nginx/conf.d/locations/cvp.https.conf on all CVP nodes:\u003c/p\u003e\u003cpre\u003elocation ^~ /cvpservice/di/ {\n return 404;\n}\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThen restart nginx by running the following command on any node:\u003c/p\u003e\u003cpre\u003enginx-app.sh reload\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to append the following to /etc/nginx/conf.d/locations/cvp.https.conf on all CVP nodes:\n\nlocation ^~ /cvpservice/di/ {\n return 404;\n}\n\n\n\u00a0\n\nThen restart nginx by running the following command on any node:\n\nnginx-app.sh reload"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-11186",
"datePublished": "2025-05-08T18:47:52.859Z",
"dateReserved": "2024-11-13T17:09:34.018Z",
"dateUpdated": "2025-05-08T19:01:23.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12378 (GCVE-0-2024-12378)
Vulnerability from cvelistv5
Published
2025-05-08 19:05
Modified
2025-05-08 19:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Portal |
Version: 4.32.0 < Version: 4.31.0 < Version: 4.30.0 < Version: 4.29.0 < Version: 4.28.0 < Version: 4.27.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:16:38.893940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:18:27.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Portal",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.2F",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.6M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.12M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.12M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-12378, the following condition must be met:\u003c/p\u003e\u003cp\u003eSecure Vxlan must be configured.\u003c/p\u003e\u003cp\u003eThe output of \u201cshow ip security connection\u201d is empty if Secure Vxlan isn\u2019t configured.\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Source \u0026nbsp; \u0026nbsp; Dest \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Status \u0026nbsp; \u0026nbsp; \u0026nbsp; Uptime \u0026nbsp; \u0026nbsp; Input \u0026nbsp; \u0026nbsp;Output \u0026nbsp; \u0026nbsp; Rekey Time\nvxlansec-default-1.0.2.1 1.0.1.1 \u0026nbsp; 1.0.2.1 \u0026nbsp; \u003cb\u003eEstablished\u003c/b\u003e\u0026nbsp; 19 minutes 0 bytes \u0026nbsp;152 bytes \u0026nbsp;24 minutes\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0 pkts \u0026nbsp; \u0026nbsp;2 pkts\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eA normal encrypted connection will show the status as \u201cestablished\u201d.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-12378, the following condition must be met:\n\nSecure Vxlan must be configured.\n\nThe output of \u201cshow ip security connection\u201d is empty if Secure Vxlan isn\u2019t configured.\n\nswitch\u003e show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Source \u00a0 \u00a0 Dest \u00a0 \u00a0 \u00a0 \u00a0Status \u00a0 \u00a0 \u00a0 Uptime \u00a0 \u00a0 Input \u00a0 \u00a0Output \u00a0 \u00a0 Rekey Time\nvxlansec-default-1.0.2.1 1.0.1.1 \u00a0 1.0.2.1 \u00a0 Established\u00a0 19 minutes 0 bytes \u00a0152 bytes \u00a024 minutes\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 0 pkts \u00a0 \u00a02 pkts\n\n\n\u00a0\n\nA normal encrypted connection will show the status as \u201cestablished\u201d."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear."
}
],
"value": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear."
}
],
"impacts": [
{
"capecId": "CAPEC-679",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:05:22.320Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-12378 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.0F and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.7M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10M and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-12378 has been fixed in the following releases:\n\n * 4.33.0F and later releases in the 4.33.x train\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.7M and later releases in the 4.31.x train\n * 4.30.9M and later releases in the 4.30.x train\n * 4.29.10M and later releases in the 4.29.x train"
}
],
"source": {
"advisory": "113",
"defect": [
"BUG 997526"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to remove and re-apply security profiles for each secure VTEP.\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show vxlan security profile\nVTEP \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Security Profile\n------------- ----------------\n1.0.2.1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; p1\nswitch\u0026gt; en\nswitch# config\nswitch(config)# interface vxlan 1\nswitch(config-if-Vx1)# no vxlan vtep 1.0.2.1 ip security profile p1\nswitch(config-if-Vx1)# vxlan vtep 1.0.2.1 ip security profile p1\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to remove and re-apply security profiles for each secure VTEP.\n\nswitch\u003e show vxlan security profile\nVTEP \u00a0 \u00a0 \u00a0 \u00a0 Security Profile\n------------- ----------------\n1.0.2.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 p1\nswitch\u003e en\nswitch# config\nswitch(config)# interface vxlan 1\nswitch(config-if-Vx1)# no vxlan vtep 1.0.2.1 ip security profile p1\nswitch(config-if-Vx1)# vxlan vtep 1.0.2.1 ip security profile p1"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-12378",
"datePublished": "2025-05-08T19:05:22.320Z",
"dateReserved": "2024-12-09T18:19:27.219Z",
"dateUpdated": "2025-05-08T19:18:27.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29071 (GCVE-0-2022-29071)
Vulnerability from cvelistv5
Published
2022-08-05 16:47
Modified
2024-09-16 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Portal |
Version: 2020.2 Version: 2020.3 Version: 2021.1 Version: 2021.2 Version: 2021.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:59.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15865-security-advisory-0079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CloudVision Portal",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "2020.2"
},
{
"status": "affected",
"version": "2020.3"
},
{
"status": "affected",
"version": "2021.1"
},
{
"status": "affected",
"version": "2021.2"
},
{
"status": "affected",
"version": "2021.3"
}
]
}
],
"datePublic": "2022-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T16:47:15",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15865-security-advisory-0079"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\nCVP 2022.1.1\nCVP 2022.2.0 (pending release)"
}
],
"source": {
"advisory": "79",
"defect": [
"BUG",
"695468"
],
"discovery": "USER"
},
"title": "This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vu ...",
"workarounds": [
{
"lang": "en",
"value": "It is recommended for users logging into CVP to change their password and ensure that it is the same as the enable password on the switch. As a security best practice, it is recommended to restrict access to the CVP application and host operating system to trusted users/user groups and periodically rotate user passwords."
}
],
"x_ConverterErrors": {
"TITLE": {
"error": "TITLE too long. Truncating in v5 record.",
"message": "Truncated!"
}
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-07-26T21:01:00.000Z",
"ID": "CVE-2022-29071",
"STATE": "PUBLIC",
"TITLE": "This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CloudVision Portal",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2020.2"
},
{
"version_affected": "=",
"version_value": "2020.3"
},
{
"version_affected": "=",
"version_value": "2021.1"
},
{
"version_affected": "=",
"version_value": "2021.2"
},
{
"version_affected": "=",
"version_value": "2021.3"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/15865-security-advisory-0079",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15865-security-advisory-0079"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\nCVP 2022.1.1\nCVP 2022.2.0 (pending release)"
}
],
"source": {
"advisory": "79",
"defect": [
"BUG",
"695468"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "It is recommended for users logging into CVP to change their password and ensure that it is the same as the enable password on the switch. As a security best practice, it is recommended to restrict access to the CVP application and host operating system to trusted users/user groups and periodically rotate user passwords."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2022-29071",
"datePublished": "2022-08-05T16:47:17.137211Z",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-09-16T16:27:53.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0505 (GCVE-0-2025-0505)
Vulnerability from cvelistv5
Published
2025-05-08 18:37
Modified
2025-05-08 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Portal |
Version: 2024.2.0 < Version: 2024.3.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:55:39.942468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:56:19.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Portal",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "2024.2.1",
"status": "affected",
"version": "2024.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "2024.3.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eZero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\u003c/p\u003e\u003cp\u003eThe CloudVision versions listed in the \u201cAffected Software\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI.\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"\" src=\"https://www.arista.com/assets/images/article/SA115-1.png\"\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Zero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\n\nThe CloudVision versions listed in the \u201cAffected Software\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:37:13.981Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster\"\u003eUpgrade | Setup Guide | Arista CloudVision 2024.3 Help Center\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2025-0505 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cul\u003e\u003cul\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ul\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Upgrade | Setup Guide | Arista CloudVision 2024.3 Help Center https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster \n\n\u00a0\n\nCVE-2025-0505 has been fixed in the following releases:\n\n * 2024.2.2 and later releases in the 2024.2.x train\n * 2024.3.1 and later releases in the 2024.3.x train"
}
],
"source": {
"advisory": "115",
"defect": [
"BUG 1046170"
],
"discovery": "INTERNAL"
},
"title": "On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\u003c/p\u003e\u003cpre\u003ecvpi disable ztp\ncvpi stop ztp\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe following command can be used to verify that the component is stopped:\u003c/p\u003e\u003cpre\u003ecvpi status ztp\n \nExecuting command. This may take some time...\nCompleted 1/1 discovered actions\nprimary components total:1 running:0 disabled:1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe component may be enabled after upgrading to one the remediated software versions (See\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1\"\u003e\u0026nbsp;Resolution\u003c/a\u003e) using the following commands:\u003c/p\u003e\u003cpre\u003ecvpi enable ztp\ncvpi start ztp\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\n\ncvpi disable ztp\ncvpi stop ztp\n\n\n\u00a0\n\nThe following command can be used to verify that the component is stopped:\n\ncvpi status ztp\n \nExecuting command. This may take some time...\nCompleted 1/1 discovered actions\nprimary components total:1 running:0 disabled:1\n\n\n\u00a0\n\nThe component may be enabled after upgrading to one the remediated software versions (See \u00a0Resolution https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1 ) using the following commands:\n\ncvpi enable ztp\ncvpi start ztp"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-0505",
"datePublished": "2025-05-08T18:37:13.981Z",
"dateReserved": "2025-01-15T19:34:32.801Z",
"dateUpdated": "2025-05-08T18:56:19.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}