Arista Cloudvision Portal — known CVE vulnerabilities
Every CVE whose affected-product data names Arista Cloudvision Portal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2016-9012 — CVSS 8.8 (high): CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via…
CVE-2023-24546 — CVSS 8.1 (high): On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a…
CVE-2019-18181 — CVSS 7.8 (high): In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for…
CVE-2020-13881 — CVSS 7.5 (high): In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are…
CVE-2019-17596 — CVSS 7.5 (high): Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There…
CVE-2020-24333 — CVSS 6.5 (medium): A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the…
CVE-2019-18615 — CVSS 4.9 (medium): In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain…
CVE-2022-29071 — CVSS 4.0 (medium): This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where…