Vulnerability Details CVE-2019-18181
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2019-18181
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.0
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.2
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.4
-
cpe:2.3:a:arista:cloudvision_portal:2018.2.0
-
cpe:2.3:a:arista:cloudvision_portal:2018.2.3