cbcvebase.
CVE-2024-11186
published 2025-05-08

CVE-2024-11186: On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS…

PriorityP260critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
0.64%
46.1th percentile
On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.

Affected

19 ranges
VendorProductVersion rangeFixed in
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal
arista_networkscloudvision_portal2024.1.0 – 2024.1.2
arista_networkscloudvision_portal2024.2.0 – 2024.2.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.