First published: Tue Jun 13 2023
On affected versions of the CloudVision Portal, improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista CloudVision Portal | >=2021.1, <=2021.3 | |
Arista CloudVision Portal | =2022.1.0 | |
Arista CloudVision Portal | =2022.1.1 | |
Arista CloudVision Portal | =2022.2.0 | |
Arista CloudVision Portal | =2022.2.1 | |
Arista CloudVision Portal | =2022.3.0 | |
CVE-2023-24546 is a vulnerability that allows a malicious actor with network access to CloudVision to gain broader access to telemetry and configuration data within the system than intended.
CVE-2023-24546 impacts the CloudVision Portal through improper access controls on the connection from devices to CloudVision.
CVE-2023-24546 has a severity rating of 8.1 (high).
Affected versions of the CloudVision Portal include 2021.1, 2021.3, 2022.1.0, 2022.1.1, 2022.2.0, 2022.2.1, and 2022.3.0.
To fix CVE-2023-24546, upgrade to a version of the CloudVision Portal that is not affected by this vulnerability.