Vulnerability Details CVE-2020-24333
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://www.arista.com/en/support/advisories-notices
- https://www.arista.com/en/support/advisories-notices/security-advisories/11706-security-advisory-51
- https://www.arista.com/en/support/advisories-notices
- https://www.arista.com/en/support/advisories-notices/security-advisories/11706-security-advisory-51
Products affected by CVE-2020-24333
-
cpe:2.3:a:arista:cloudvision_portal:2015.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2015.1.2
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.0
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.2
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.2.0
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.2.1
-
cpe:2.3:a:arista:cloudvision_portal:2016.1.2.3
-
cpe:2.3:a:arista:cloudvision_portal:2017.1.0
-
cpe:2.3:a:arista:cloudvision_portal:2017.1.0.1
-
cpe:2.3:a:arista:cloudvision_portal:2017.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2017.1.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2017.2.0
-
cpe:2.3:a:arista:cloudvision_portal:2017.2.1
-
cpe:2.3:a:arista:cloudvision_portal:2017.2.2
-
cpe:2.3:a:arista:cloudvision_portal:2017.2.3
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.0
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.2
-
cpe:2.3:a:arista:cloudvision_portal:2018.1.4
-
cpe:2.3:a:arista:cloudvision_portal:2018.2.0
-
cpe:2.3:a:arista:cloudvision_portal:2018.2.3
-
cpe:2.3:a:arista:cloudvision_portal:2019.1.0
-
cpe:2.3:a:arista:cloudvision_portal:2019.1.1
-
cpe:2.3:a:arista:cloudvision_portal:2019.1.2
-
cpe:2.3:a:arista:cloudvision_portal:2020.1.2