Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arista cloudvision portal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24546
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This ...
Arista Cloudvision Portal 2022.1.0
Arista Cloudvision Portal 2022.1.1
Arista Cloudvision Portal 2022.2.0
Arista Cloudvision Portal 2022.2.1
Arista Cloudvision Portal 2022.3.0
Arista Cloudvision Portal
NA
CVE-2022-29071
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP us...
Arista Cloudvision Portal
4
CVSSv2
CVE-2020-24333
A vulnerability in Arista’s CloudVision Portal (CVP) before 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
Arista Cloudvision Portal
4.3
CVSSv2
CVE-2020-13881
In support.c in pam_tacplus 1.3.8 up to and including 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Pam Tacplus Project Pam Tacplus
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Arista Cloudvision Portal
4.6
CVSSv2
CVE-2019-18181
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users...
Arista Cloudvision Portal
3.5
CVSSv2
CVE-2019-18615
In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mod...
Arista Cloudvision Portal
5
CVSSv2
CVE-2019-17596
Go prior to 1.12.11 and 1.3.x prior to 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Golang Go
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Enterprise Linux 8.0
Redhat Developer Tools 1.0
Redhat Enterprise Linux Server 8.1
Opensuse Leap 15.0
Opensuse Leap 15.1
Arista Mos
Arista Eos
Arista Cloudvision Portal 2019.1.2
Arista Cloudvision Portal 2019.1.1
Arista Cloudvision Portal 2019.1.0
Arista Cloudvision Portal
Arista Terminattr
1 Github repository
4
CVSSv2
CVE-2018-12357
Arista CloudVision Portal up to and including 2018.1.1 has Incorrect Permissions.
Arista Cloudvision Portal
6.5
CVSSv2
CVE-2016-9012
CloudVision Portal (CVP) prior to 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.
Arista Cloudvision Portal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started