Arista CloudVision Portal Privilege Escalation Vulnerability via Onboarding Token

Vulnerability

A vulnerability exists in Arista CloudVision Portal (CVP on-prem) versions 2024.3.0, 2024.2 and below in the 2024.x train, 2023.3.1 and below in the 2023.3.x train, 2023.2 and below in the 2023.x train, and all releases in the 2022.x, 2021.x, 2020.x, 2019.x, and 2018.x trains. The issue arises because a time-bound device onboarding token can be exploited to gain administrative privileges on CloudVision. This vulnerability was discovered internally, and Arista is not aware of any malicious exploitation in customer networks.

Impact

Exploitation of this vulnerability allows unauthorized users to gain administrative privileges on the affected CloudVision Portal instance.

Remediation

Users are advised to upgrade to version 2024.1.3 or later in the 2024.1.x train, version 2024.2.2 or later in the 2024.2.x train, version 2024.3.1 or later in the 2024.3.x train, or version 2025.1.0 or later in the 2025.1.x train.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 5.0
exploitability: 5.2
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.