CVE-2024-11186 | THREATINT

Description

On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.

PUBLISHED Reserved 2024-11-13 | Published 2025-05-08 | Updated 2025-05-08 | Assigner Arista

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-287 Improper Authentication

Product status

Default status

unaffected

2024.3.0

affected

2024.2.0 (custom)

affected

2024.1.0 (custom)

affected

2023.3

affected

2023.2

affected

2023.1

affected

2022.3

affected

2022.2

affected

2022.1

affected

2021.3

affected

2021.2

affected

2021.1

affected

2020.3

affected

2020.2

affected

2020.1

affected

2019.1

affected

2018.2

affected

2018.1

affected

2017.2

affected

References

www.arista.com/...rity-advisory/21314-security-advisory-0114

cve.org (CVE-2024-11186)

nvd.nist.gov (CVE-2024-11186)

Download JSON