exploitDog

CVE-2016-9012

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.

Ссылки

http://www.securityfocus.com/bid/94635
Third Party Advisory
VDB Entry
https://www.arista.com/en/support/advisories-notices/security-advisories/2116-security-advisory-27
Vendor Advisory
http://www.securityfocus.com/bid/94635
Third Party Advisory
VDB Entry
https://www.arista.com/en/support/advisories-notices/security-advisories/2116-security-advisory-27
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*

Версия до 2016.1.2.0 (включая)

EPSS

Процентиль: 72%

0.00735

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-cm65-473w-q4v9

CVSS3: 8.8

github

больше 3 лет назад

CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.

EPSS

Процентиль: 72%

0.00735

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-264