CVE-2019-18181
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.
En CloudVision Portal, todos las versiones en el tren de Code versiones 2018.1 y 2018.2, permiten a usuarios con permisos de solo lectura omitir los permisos para la funcionalidad restringida por medio de llamadas a la API CVP por medio de los módulos de Configlet Builder. Esta vulnerabilidad puede permitir a usuarios autenticados con acceso de solo lectura tomar acciones que de otro modo estarían restringidas en la GUI.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-10-17 CVE Reserved
- 2019-12-19 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Arista Search vendor "Arista" | Cloudvision Portal Search vendor "Arista" for product "Cloudvision Portal" | >= 2018.1.0 <= 2018.1.4 Search vendor "Arista" for product "Cloudvision Portal" and version " >= 2018.1.0 <= 2018.1.4" | - |
Affected
| ||||||
| Arista Search vendor "Arista" | Cloudvision Portal Search vendor "Arista" for product "Cloudvision Portal" | >= 2018.2.0 <= 2018.2.3 Search vendor "Arista" for product "Cloudvision Portal" and version " >= 2018.2.0 <= 2018.2.3" | - |
Affected
| ||||||