Platform: other
Component: cloudvision-portal
Fixed in: 2024.2.2, 2024.3.1
CVE-2025-0505 is a critical vulnerability affecting Arista CloudVision Portal, specifically impacting on-premise deployments (virtual or physical). This issue allows an attacker leveraging Zero Touch Provisioning to gain administrative privileges beyond what is necessary, potentially leading to unauthorized access and manipulation of system state and managed devices. The vulnerability affects versions 2024.2.0 through 2024.3.0, and a fix is available in version 2024.3.1.
The primary impact of CVE-2025-0505 is the potential for privilege escalation within the Arista CloudVision Portal environment. An attacker exploiting this vulnerability could gain elevated access, allowing them to query and manipulate the configuration and state of devices managed by CloudVision. This could lead to unauthorized changes to network settings, data exfiltration, or even complete control over affected devices. The scope of the impact depends on the level of access gained and the sensitivity of the managed devices. This vulnerability does not affect CloudVision as-a-Service deployments.
CVE-2025-0505 was publicly disclosed on 2025-05-08. The CVSS score of 10 (CRITICAL) indicates a high probability of exploitation. Currently, there are no publicly available proof-of-concept exploits, but the ease of exploitation due to the nature of Zero Touch Provisioning suggests a potential for rapid exploitation if a PoC is released. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing on-premise deployments of Arista CloudVision Portal, particularly those relying heavily on Zero Touch Provisioning for device management, are at significant risk. Legacy configurations with overly permissive ZTP access controls are especially vulnerable. Shared hosting environments where multiple tenants share a CloudVision Portal instance should also be considered at risk.
Disclosure:
Exploit status:
EPSS: 0.30% (53rd percentile)
CISA SSVC:
CVSS vector:
The recommended mitigation for CVE-2025-0505 is to upgrade Arista CloudVision Portal to version 2024.3.1 or later. If an immediate upgrade is not feasible, review and restrict Zero Touch Provisioning configurations to limit the permissions granted. Implement strict access controls and multi-factor authentication for all administrative accounts. Regularly audit CloudVision Portal configurations and logs for any suspicious activity. After upgrading, verify the remediation by attempting to trigger a Zero Touch Provisioning request with a limited user account and confirming that it does not grant elevated privileges.
Update to a CloudVision Portal version later than 2024.3.0. Consult the Arista advisory for specific details on the fixed versions and the update instructions. This mitigates the Zero Touch Provisioning vulnerability that allows unauthorized administrator privileges to be obtained.
CVE-2025-0505 is a critical vulnerability in Arista CloudVision Portal versions 2024.2.0–2024.3.0. It allows attackers to escalate privileges through Zero Touch Provisioning, potentially gaining control over managed devices. The CVSS score is 10 (CRITICAL).
If you are running Arista CloudVision Portal versions 2024.2.0 through 2024.3.0 on an on-premise deployment, you are potentially affected. CloudVision as-a-Service is not impacted.
Upgrade Arista CloudVision Portal to version 2024.3.1 or later. Back up your configuration before upgrading to allow for rollback if needed.
There is currently no evidence of active exploitation in the wild, but the critical severity suggests potential for future exploitation.
Refer to the official Arista CloudVision security advisory for detailed information and upgrade instructions. Check the Arista support website for the latest advisory.