CVE-2024-8100 | THREATINT

Description

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

PUBLISHED Reserved 2024-08-22 | Published 2025-05-08 | Updated 2025-05-08 | Assigner Arista

HIGH: 8.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

unaffected

2024.3.0 (custom)

affected

2024.0 (custom)

affected

2023.3.0 (custom)

affected

2023.0 (custom)

affected

2022 (custom)

affected

2021 (custom)

affected

2020 (custom)

affected

2019 (custom)

affected

2018 (custom)

affected

References

www.arista.com/...rity-advisory/21316-security-advisory-0116

cve.org (CVE-2024-8100)

nvd.nist.gov (CVE-2024-8100)