Arista CloudVision Portal
cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*
- <= 2024.3.0
- <= 2024.2.1
- <= 2024.1.2
- ~2023.3
- ~2023.2
- ~2023.1
- ~2022.3
- ~2022.2
- ~2022.1
- ~2021.3
- ~2021.2
- ~2021.1
- ~2020.3
- ~2020.2
- ~2020.1
- ~2019.1
- ~2018.2
- ~2018.1
- ~2017.2
A vulnerability exists in Arista CloudVision Portal, on both virtual and physical appliances, in all releases through 2024.3.0 and in all releases in the 2023.3.x, 2023.2.x, 2023.1.x, 2022.3.x, 2022.2.x, 2022.1.x, 2021.3.x, 2021.2.x, 2021.1.x, 2020.3.x, 2020.2.x, 2020.1.x, 2019.1.x, 2018.2.x, 2018.1.x, and 2017.2.x trains. The vulnerability arises from improper access controls, which allow a malicious authenticated user to perform unintended actions on managed EOS devices. This issue was discovered internally by Arista and does not affect CloudVision as-a-Service.
Exploitation of this vulnerability could allow a malicious authenticated user to gain unauthorized access or privileges on managed EOS devices, potentially leading to unauthorized actions or changes on those devices.
Users are advised to upgrade to version 2025.1.0 or later in the 2025.1.x train, or to version 2024.3.1 or later in the 2024.3.x train. For more information about upgrading, see the CloudVision Users Guide.