Latest arista cloudvision portal Vulnerabilities

CVE-2023-24546
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader a...
Arista CloudVision Portal>=2021.1<=2021.3
Arista CloudVision Portal=2022.1.0
Arista CloudVision Portal=2022.1.1
Arista CloudVision Portal=2022.2.0
Arista CloudVision Portal=2022.2.1
Arista CloudVision Portal=2022.3.0
CVE-2022-29071
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked i...
Arista CloudVision Portal>=2020.2.0<=2022.1.0
CVE-2020-24333
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access...
Arista CloudVision Portal<2020.2.0
CVE-2020-13881
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
ubuntu/libpam-tacplus<1.3.8-2+
ubuntu/libpam-tacplus<1.3.8-2+
ubuntu/libpam-tacplus<1.3.8-2+
Pam Tacplus Project Pam Tacplus>=1.3.8<=1.5.1
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 5 more
CVE-2019-18181
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configle...
Arista CloudVision Portal>=2018.1.0<=2018.1.4
Arista CloudVision Portal>=2018.2.0<=2018.2.3
CVE-2019-18615
In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user passwor...
Arista CloudVision Portal>=2018.2.0<=2018.2.3
CVE-2019-17596
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client t...
Golang Go>=1.12<1.12.11
Golang Go>=1.13<1.13.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 15 more
CVE-2018-12357
Arista CloudVision Portal<=2018.1.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203