Arista CloudVision Portal 2018.1.4

CPE Details

Arista CloudVision Portal 2018.1.4
arista
cloudvision_portal
2018.1.4
2020-01-05
13h21 +00:00
2020-01-05
13h21 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:arista:cloudvision_portal:2018.1.4:*:*:*:*:*:*:*

Informations

Vendor

arista

Product

cloudvision_portal

Version

2018.1.4

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-24333 2020-09-22 12h50 +00:00 A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
6.5
Moyen
CVE-2020-13881 2020-06-06 16h18 +00:00 In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
7.5
Haute
CVE-2019-18181 2019-12-19 17h17 +00:00 In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.
7.8
Haute
CVE-2019-17596 2019-10-24 19h07 +00:00 Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
7.5
Haute