Admin Privilege Escalation Vulnerability in Arista CloudVision Portal
CVE-2024-8100

8.7 HIGH

Key Information:

Vendor: Arista
CVE Published: 8 May 2025

What is CVE-2024-8100?

On certain versions of the Arista CloudVision Portal, a flaw exists related to the handling of time-bound device onboarding tokens. An attacker could exploit this weakness to gain administrative privileges within the CloudVision system, potentially leading to unauthorized access and control over the portal's features and settings.

Affected Version(s)

CloudVision 2024.3.0

CloudVision 2024.0 <= 2024.2

CloudVision 2023.3.0 <= 2023.3.1

CVSS V3.1

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
