First published: Thu Dec 19 2019(Updated: )
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Arista CloudVision Portal | >=2018.1.0<=2018.1.4 | |
Arista CloudVision Portal | >=2018.2.0<=2018.2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-18181.
The severity of CVE-2019-18181 is high with a CVSS score of 7.8.
The affected software is Arista CloudVision Portal, versions 2018.1.0 to 2018.1.4 and versions 2018.2.0 to 2018.2.3.
CVE-2019-18181 allows users with read-only permissions to bypass restrictions and access restricted functionality via CVP API calls through the Configlet Builder modules.
Yes, it is recommended to update the Arista CloudVision Portal to a version outside the affected range to mitigate this vulnerability.