CVE-2023-24546

EPSS 0.12%
Veröffentlicht 13.06.2023 21:15:09
Zuletzt bearbeitet 06.01.2025 16:15:25
Quelle psirt@arista.com
Teams Watchlist Login
Unerledigt Login

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arista ≫ Cloudvision Portal Version >= 2021.1 <= 2021.3

Arista ≫ Cloudvision Portal Version2022.1.0

Arista ≫ Cloudvision Portal Version2022.1.1

Arista ≫ Cloudvision Portal Version2022.2.0

Arista ≫ Cloudvision Portal Version2022.2.1

Arista ≫ Cloudvision Portal Version2022.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.325

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-24546

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24546

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24546

EUVD