CVE-2025-0505 (GCVE-0-2025-0505)
Vulnerability from cvelistv5
Published
2025-05-08 18:37
Modified
2025-05-08 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Portal |
Version: 2024.2.0 < Version: 2024.3.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:55:39.942468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:56:19.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Portal",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "2024.2.1",
"status": "affected",
"version": "2024.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "2024.3.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eZero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\u003c/p\u003e\u003cp\u003eThe CloudVision versions listed in the \u201cAffected Software\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI.\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"\" src=\"https://www.arista.com/assets/images/article/SA115-1.png\"\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Zero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\n\nThe CloudVision versions listed in the \u201cAffected Software\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:37:13.981Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster\"\u003eUpgrade | Setup Guide | Arista CloudVision 2024.3 Help Center\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2025-0505 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cul\u003e\u003cul\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ul\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Upgrade | Setup Guide | Arista CloudVision 2024.3 Help Center https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster \n\n\u00a0\n\nCVE-2025-0505 has been fixed in the following releases:\n\n * 2024.2.2 and later releases in the 2024.2.x train\n * 2024.3.1 and later releases in the 2024.3.x train"
}
],
"source": {
"advisory": "115",
"defect": [
"BUG 1046170"
],
"discovery": "INTERNAL"
},
"title": "On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\u003c/p\u003e\u003cpre\u003ecvpi disable ztp\ncvpi stop ztp\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe following command can be used to verify that the component is stopped:\u003c/p\u003e\u003cpre\u003ecvpi status ztp\n \nExecuting command. This may take some time...\nCompleted 1/1 discovered actions\nprimary components total:1 running:0 disabled:1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe component may be enabled after upgrading to one the remediated software versions (See\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1\"\u003e\u0026nbsp;Resolution\u003c/a\u003e) using the following commands:\u003c/p\u003e\u003cpre\u003ecvpi enable ztp\ncvpi start ztp\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\n\ncvpi disable ztp\ncvpi stop ztp\n\n\n\u00a0\n\nThe following command can be used to verify that the component is stopped:\n\ncvpi status ztp\n \nExecuting command. This may take some time...\nCompleted 1/1 discovered actions\nprimary components total:1 running:0 disabled:1\n\n\n\u00a0\n\nThe component may be enabled after upgrading to one the remediated software versions (See \u00a0Resolution https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1 ) using the following commands:\n\ncvpi enable ztp\ncvpi start ztp"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-0505",
"datePublished": "2025-05-08T18:37:13.981Z",
"dateReserved": "2025-01-15T19:34:32.801Z",
"dateUpdated": "2025-05-08T18:56:19.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-0505\",\"sourceIdentifier\":\"psirt@arista.com\",\"published\":\"2025-05-08T19:16:01.320\",\"lastModified\":\"2025-05-12T17:32:52.810\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.\"},{\"lang\":\"es\",\"value\":\"En los sistemas Arista CloudVision (implementaciones locales virtuales o f\u00edsicas), el aprovisionamiento sin intervenci\u00f3n permite obtener privilegios de administrador en el sistema CloudVision, con m\u00e1s permisos de los necesarios, lo que permite consultar o manipular el estado del sistema de los dispositivos administrados. Tenga en cuenta que CloudVision como servicio no se ve afectado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"references\":[{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115\",\"source\":\"psirt@arista.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0505\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T18:55:39.942468Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T18:56:16.147Z\"}}], \"cna\": {\"title\": \"On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state\", \"source\": {\"defect\": [\"BUG 1046170\"], \"advisory\": \"115\", \"discovery\": \"INTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Arista Networks\", \"product\": \"CloudVision Portal\", \"versions\": [{\"status\": \"affected\", \"version\": \"2024.2.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2024.2.1\"}, {\"status\": \"affected\", \"version\": \"2024.3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Upgrade | Setup Guide | Arista CloudVision 2024.3 Help Center https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster \\n\\n\\u00a0\\n\\nCVE-2025-0505 has been fixed in the following releases:\\n\\n * 2024.2.2 and later releases in the 2024.2.x train\\n * 2024.3.1 and later releases in the 2024.3.x train\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster\\\"\u003eUpgrade | Setup Guide | Arista CloudVision 2024.3 Help Center\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2025-0505 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cul\u003e\u003cul\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ul\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"The ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\\n\\ncvpi disable ztp\\ncvpi stop ztp\\n\\n\\n\\u00a0\\n\\nThe following command can be used to verify that the component is stopped:\\n\\ncvpi status ztp\\n \\nExecuting command. This may take some time...\\nCompleted 1/1 discovered actions\\nprimary components total:1 running:0 disabled:1\\n\\n\\n\\u00a0\\n\\nThe component may be enabled after upgrading to one the remediated software versions (See \\u00a0Resolution https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1 ) using the following commands:\\n\\ncvpi enable ztp\\ncvpi start ztp\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\u003c/p\u003e\u003cpre\u003ecvpi disable ztp\\ncvpi stop ztp\\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe following command can be used to verify that the component is stopped:\u003c/p\u003e\u003cpre\u003ecvpi status ztp\\n \\nExecuting command. This may take some time...\\nCompleted 1/1 discovered actions\\nprimary components total:1 running:0 disabled:1\\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe component may be enabled after upgrading to one the remediated software versions (See\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1\\\"\u003e\u0026nbsp;Resolution\u003c/a\u003e) using the following commands:\u003c/p\u003e\u003cpre\u003ecvpi enable ztp\\ncvpi start ztp\u003c/pre\u003e\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eOn Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"Zero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\\n\\nThe CloudVision versions listed in the \\u201cAffected Software\\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eZero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\u003c/p\u003e\u003cp\u003eThe CloudVision versions listed in the \\u201cAffected Software\\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI.\u003c/p\u003e\u003cp\u003e\u003cimg alt=\\\"\\\" src=\\\"https://www.arista.com/assets/images/article/SA115-1.png\\\"\u003e\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"shortName\": \"Arista\", \"dateUpdated\": \"2025-05-08T18:37:13.981Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-0505\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-08T18:56:19.850Z\", \"dateReserved\": \"2025-01-15T19:34:32.801Z\", \"assignerOrgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"datePublished\": \"2025-05-08T18:37:13.981Z\", \"assignerShortName\": \"Arista\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…