10
CVE-2024-11186
- EPSS 0.05%
- Published 08.05.2025 18:47:52
- Last modified 12.05.2025 17:32:52
- Source psirt@arista.com
- Teams watchlist Login
- Open Login
On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorArista Networks
≫
Product
CloudVision Portal
Default Statusunaffected
Version
2024.3.0
Status
affected
Version <=
2024.2.1
Version
2024.2.0
Status
affected
Version <=
2024.1.2
Version
2024.1.0
Status
affected
Version
2023.3
Status
affected
Version
2023.2
Status
affected
Version
2023.1
Status
affected
Version
2022.3
Status
affected
Version
2022.2
Status
affected
Version
2022.1
Status
affected
Version
2021.3
Status
affected
Version
2021.2
Status
affected
Version
2021.1
Status
affected
Version
2020.3
Status
affected
Version
2020.2
Status
affected
Version
2020.1
Status
affected
Version
2019.1
Status
affected
Version
2018.2
Status
affected
Version
2018.1
Status
affected
Version
2017.2
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.154 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@arista.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.