Arista Products Privilege Escalation Vulnerability
Vulnerability
A vulnerability exists in Arista DANZ Monitoring Fabric (DMF), Converged Cloud Fabric (CCF), CloudVision Appliance (CVA), and Multi-Cloud Director (MCD) that allows restricted users to escape the command-line interface (CLI) sandbox, access the system shell, and elevate privileges. This issue affects several versions of the mentioned products, with specific vulnerable releases outlined in the advisory.
Impact
Exploitation of this vulnerability allows restricted users to gain unauthorized access to the system shell and elevate their privileges, potentially leading to unauthorized actions or access within the affected environment.
Remediation
Users are advised to upgrade to the latest versions that address this vulnerability. For Arista DANZ Monitoring Fabric, versions 8.7.1 and later in the 8.7.x train, 8.6.2 and later in the 8.6.x train, 8.5.3 and later in the 8.5.x train, and 8.4.6 and later in the 8.4.x train are recommended. For Converged Cloud Fabric, version 6.2.5 and later in the 6.2.x train is suggested. For CloudVision Appliance, version 7.1.0 and later in the CVA 7.x train is recommended. For Multi-Cloud Director, version 2.4.1 and later in the 2.4.x train is suggested.
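As an added example (not part of the advisory or any Arista tooling), the fixed releases listed above can be turned into an inventory check that separates hosts below a listed fixed release from hosts on trains the text does not mention. The status labels, hostnames and inventory entries are constructed for illustration, and the short product keys are the abbreviations used in the Vulnerability section.

```python
import re

# First fixed release per product and train, copied from the Remediation text.
# Keys are train prefixes: (8, 7) means the 8.7.x train, (7,) the CVA 7.x train.
FIXED = {
    "DMF": {(8, 7): (8, 7, 1), (8, 6): (8, 6, 2),
            (8, 5): (8, 5, 3), (8, 4): (8, 4, 6)},
    "CCF": {(6, 2): (6, 2, 5)},
    "CVA": {(7,): (7, 1, 0)},
    "MCD": {(2, 4): (2, 4, 1)},
}

def parse_version(text):
    """Return the leading dotted-numeric part of a version string as ints."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def triage(product, version):
    """Classify one installed version against the fixed releases listed above."""
    trains = FIXED.get(product.upper())
    if trains is None:
        return "unknown-product"
    v = parse_version(version)
    for train, fixed in trains.items():
        if v[:len(train)] == train:
            padded = v + (0,) * (len(fixed) - len(v))  # "8.7" compares as 8.7.0
            return "at-or-above-fixed" if padded >= fixed else "below-fixed"
    # The page names no fixed release for this train; check the vendor advisory.
    return "train-not-listed"

# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = [
    ("dmf-ctl-01", "DMF", "8.7.0"),
    ("dmf-ctl-02", "DMF", "8.5.3"),
    ("dmf-lab-01", "DMF", "8.3.0"),
    ("ccf-ctl-01", "CCF", "6.2.4"),
    ("cva-01", "CVA", "7.0.2"),
    ("mcd-01", "MCD", "2.4.1"),
]

def needs_attention(inventory):
    """Return (host, product, version, status) for every host not on a fixed release."""
    return [(h, p, v, s) for h, p, v in inventory
            if (s := triage(p, v)) != "at-or-above-fixed"]

if __name__ == "__main__":
    for row in needs_attention(INVENTORY):
        print(*row)
```

A "train-not-listed" result means only that this page gives no fixed release for that train; whether the release is affected has to be confirmed against the vendor advisory.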
