Vulnerability Details : CVE-2023-24546
On affected versions of the CloudVision Portal, improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.
Products affected by CVE-2023-24546
- cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*
- cpe:2.3:a:arista:cloudvision_portal:2022.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:arista:cloudvision_portal:2022.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:arista:cloudvision_portal:2022.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:arista:cloudvision_portal:2022.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:arista:cloudvision_portal:2022.3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-24546
0.06%
Probability of exploitation activity in the next 30 days
~26%
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-24546
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | |
CWE ids for CVE-2023-24546
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-24546
- https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083
  Security Advisory 0083 - Arista (Vendor Advisory)