Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-24546

Опубликовано: 13 июн. 2023
Источник: nvd
CVSS3: 8.1
EPSS Низкий

Описание

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*
Версия от 2021.1 (включая) до 2021.3 (включая)
cpe:2.3:a:arista:cloudvision_portal:2022.1.0:*:*:*:*:*:*:*
cpe:2.3:a:arista:cloudvision_portal:2022.1.1:*:*:*:*:*:*:*
cpe:2.3:a:arista:cloudvision_portal:2022.2.0:*:*:*:*:*:*:*
cpe:2.3:a:arista:cloudvision_portal:2022.2.1:*:*:*:*:*:*:*
cpe:2.3:a:arista:cloudvision_portal:2022.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 32%
0.00121
Низкий

8.1 High

CVSS3

Дефекты

CWE-284
CWE-863

Связанные уязвимости

github логотип

GHSA-hww7-wgc5-5m95

CVSS3: 8.1
github
больше 2 лет назад

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.

EPSS

Процентиль: 32%
0.00121
Низкий

8.1 High

CVSS3

Дефекты

CWE-284
CWE-863