cbcvebase.
CVE-2023-24546
published 2023-06-13

CVE-2023-24546: On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with…

PriorityP349high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
EPSS
0.47%
37.4th percentile
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.

Affected

7 ranges
VendorProductVersion rangeFixed in
aristacloudvision_portal
aristacloudvision_portal
aristacloudvision_portal
aristacloudvision_portal
aristacloudvision_portal
aristacloudvision_portal
aristacloudvision_portal2021.1 – 2021.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.