CVE-2023-24546
 
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-01-26 CVE Reserved
- 2023-06-13 CVE Published
- 2024-06-19 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-863: Incorrect Authorization
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Arista Search vendor "Arista" | Cloudvision Portal Search vendor "Arista" for product "Cloudvision Portal" | >= 2021.1 <= 2021.3 Search vendor "Arista" for product "Cloudvision Portal" and version " >= 2021.1 <= 2021.3" | - |
Affected
| ||||||
Arista Search vendor "Arista" | Cloudvision Portal Search vendor "Arista" for product "Cloudvision Portal" | 2022.1.0 Search vendor "Arista" for product "Cloudvision Portal" and version "2022.1.0" | - |
Affected
| ||||||
Arista Search vendor "Arista" | Cloudvision Portal Search vendor "Arista" for product "Cloudvision Portal" | 2022.1.1 Search vendor "Arista" for product "Cloudvision Portal" and version "2022.1.1" | - |
Affected
| ||||||
Arista Search vendor "Arista" | Cloudvision Portal Search vendor "Arista" for product "Cloudvision Portal" | 2022.2.0 Search vendor "Arista" for product "Cloudvision Portal" and version "2022.2.0" | - |
Affected
| ||||||
Arista Search vendor "Arista" | Cloudvision Portal Search vendor "Arista" for product "Cloudvision Portal" | 2022.2.1 Search vendor "Arista" for product "Cloudvision Portal" and version "2022.2.1" | - |
Affected
| ||||||
Arista Search vendor "Arista" | Cloudvision Portal Search vendor "Arista" for product "Cloudvision Portal" | 2022.3.0 Search vendor "Arista" for product "Cloudvision Portal" and version "2022.3.0" | - |
Affected
|