Описание
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
Ссылки
- Vendor Advisory
- ExploitMitigationVendor Advisory
- Vendor Advisory
- ExploitMitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2020.2.0 (исключая)
cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00212
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
github
больше 3 лет назад
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
EPSS
Процентиль: 44%
0.00212
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo