Arista: >> Cloudvision Portal >> 2016.1.2.0 Security Vulnerabilities
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-09-22
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-06-06
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-15
CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-01-23