Privilege Escalation Vulnerability in Arista CloudVision Systems
CVE-2025-0505
10 CRITICAL
What is CVE-2025-0505?
A privilege escalation vulnerability exists in Arista CloudVision systems that allows unauthorized users to leverage the Zero Touch Provisioning feature to gain administrative privileges. The resulting permissions could enable them to monitor or manipulate the state of devices managed on the platform. CloudVision as-a-Service is not impacted by this vulnerability, so it is users of on-premise deployments who need to apply the necessary security measures.
Affected Version(s)
CloudVision Portal 2024.2.0 <= 2024.2.1
CloudVision Portal 2024.3.0
References
CVSS V3.1
Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
