CVE-2019-18181 — Cloudvision Portal vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 86.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arista Cloudvision Portal

Timeline

PublishedDec 19

Latest updateMay 24

Description

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDarista/cloudvision_portal2018.1.0 — 2018.1.4+1

🔴Vulnerability Details

GHSA

GHSA-7pgw-f7qr-4rpw: In CloudVision Portal all releases in the 2018↗2022-05-24

▶

CVEList

CVE-2019-18181: In CloudVision Portal all releases in the 2018↗2019-12-19

▶