A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
References
| Link | Resource |
|---|---|
| https://www.arista.com/en/support/advisories-notices | Vendor Advisory |
| https://www.arista.com/en/support/advisories-notices/security-advisories/11706-security-advisory-51 | Exploit Mitigation Vendor Advisory |
| https://www.arista.com/en/support/advisories-notices | Vendor Advisory |
| https://www.arista.com/en/support/advisories-notices/security-advisories/11706-security-advisory-51 | Exploit Mitigation Vendor Advisory |
Configurations
History
21 Nov 2024, 05:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.arista.com/en/support/advisories-notices - Vendor Advisory | |
| References | () https://www.arista.com/en/support/advisories-notices/security-advisories/11706-security-advisory-51 - Exploit, Mitigation, Vendor Advisory |
Information
Published : 2020-09-22 15:15
Updated : 2024-11-21 05:14
NVD link : CVE-2020-24333
Mitre link : CVE-2020-24333
CVE.ORG link : CVE-2020-24333
JSON object : View
Products Affected
arista
- cloudvision_portal
CWE