CVE-2016-9012 — Cloudvision Portal vulnerability

CWE-2643 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 27.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arista Cloudvision Portal

Timeline

PublishedJan 23

Latest updateMay 17

Description

CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDarista/cloudvision_portal2016.1.2.0

🔴Vulnerability Details

GHSA

GHSA-cm65-473w-q4v9: CloudVision Portal (CVP) before 2016↗2022-05-17

▶

CVEList

CVE-2016-9012: CloudVision Portal (CVP) before 2016↗2017-01-23

▶