Vulnerabilities > CVE-2020-24333 - Unspecified vulnerability in Arista Cloudvision Portal
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
Vulnerable Configurations
References
- https://www.arista.com/en/support/advisories-notices
- https://www.arista.com/en/support/advisories-notices
- https://www.arista.com/en/support/advisories-notices/security-advisories/11706-security-advisory-51
- https://www.arista.com/en/support/advisories-notices/security-advisories/11706-security-advisory-51