Arista CloudVision Portal 2018.1.0

CPE Details

Arista CloudVision Portal 2018.1.0
arista
cloudvision_portal
2018.1.0
2019-08-23
13h52 +00:00
2019-08-23
13h52 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:arista:cloudvision_portal:2018.1.0:*:*:*:*:*:*:*

Informations

Vendor

arista

Product

cloudvision_portal

Version

2018.1.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-24333 2020-09-22 12h50 +00:00 A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
6.5
Medium
CVE-2020-13881 2020-06-06 16h18 +00:00 In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
7.5
High
CVE-2019-18181 2019-12-19 17h17 +00:00 In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.
7.8
High
CVE-2019-17596 2019-10-24 19h07 +00:00 Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
7.5
High
CVE-2018-12357 2019-08-15 14h27 +00:00 Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
6.5
Medium