CVE-2023-24546

EPSS 0.12%
Published 13.06.2023 21:15:09
Last modified 06.01.2025 16:15:25
Source psirt@arista.com
Teams watchlist Login
Open Login

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Arista ≫ Cloudvision Portal Version >= 2021.1 <= 2021.3

Arista ≫ Cloudvision Portal Version2022.1.0

Arista ≫ Cloudvision Portal Version2022.1.1

Arista ≫ Cloudvision Portal Version2022.2.0

Arista ≫ Cloudvision Portal Version2022.2.1

Arista ≫ Cloudvision Portal Version2022.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.325

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-24546

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24546

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24546

EUVD