Platform: other
Component: cloudvision-portal
Fixed in:
2024.3.1
2024.2.2
2024.1.3
2023.3.1
2023.2.1
2023.1.1
2022.3.1
2022.2.1
2022.1.1
2021.3.1
2021.2.1
2021.1.1
2020.3.1
2020.2.1
2020.1.1
2019.1.1
2018.2.1
2018.1.1
2017.2.1
CVE-2024-11186 describes an improper access control vulnerability in Arista CloudVision Portal. This flaw allows authenticated malicious users to exceed their intended permissions and perform broader actions on managed EOS devices. The vulnerability affects on-premise deployments of CloudVision Portal running versions 2021.3 through 2024.3.0. A fix is available in version 2024.3.1.
The impact of CVE-2024-11186 is significant due to the potential for privilege escalation and unauthorized device management. An attacker who has successfully authenticated to the CloudVision Portal could leverage this vulnerability to modify configurations, disable security features, or even take control of managed EOS devices. This could lead to widespread network disruption, data breaches, and compromise of sensitive information. The scope of the impact depends on the criticality of the EOS devices managed by the CloudVision Portal and the sensitivity of the data they handle. This vulnerability highlights the importance of robust access controls and the principle of least privilege within network management systems.
CVE-2024-11186 was publicly disclosed on 2025-05-08. Its CRITICAL severity suggests a high likelihood of exploitation if left unpatched. As of this writing, there are no publicly available proof-of-concept exploits. It is not currently listed on the CISA KEV catalog. Organizations should prioritize patching to prevent potential compromise.
Organizations utilizing on-premise deployments of Arista CloudVision Portal, particularly those managing critical network infrastructure with EOS devices, are at risk. Environments with overly permissive user roles or a lack of robust access control policies are especially vulnerable.
Disclosure:
Exploit status:
EPSS: 0.35% (57th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2024-11186 is to upgrade Arista CloudVision Portal to version 2024.3.1 or later. If an immediate upgrade is not feasible, consider implementing stricter access controls within the CloudVision Portal to limit the actions that authenticated users can perform. Review user permissions and ensure they adhere to the principle of least privilege. Additionally, monitor CloudVision Portal logs for any suspicious activity, particularly attempts to access or modify EOS device configurations by unauthorized users. After upgrading, verify the fix by attempting to perform actions outside of a user's assigned role and confirming that access is denied.
Update CloudVision Portal to an unaffected version. See the Arista advisory for further details and specific update instructions. Apply appropriate access control measures in line with the vendor's recommendations.
CVE-2024-11186 is a CRITICAL vulnerability affecting Arista CloudVision Portal versions 2021.3–2024.3.0, allowing authenticated users to perform unauthorized actions on managed EOS devices.
If you are running Arista CloudVision Portal on-premise in versions 2021.3 through 2024.3.0, you are potentially affected by this vulnerability.
Upgrade Arista CloudVision Portal to version 2024.3.1 or later to remediate the vulnerability. Implement stricter access controls as an interim measure.
As of now, there are no publicly known active exploitation campaigns, but the CRITICAL severity warrants immediate patching.
Refer to the official Arista CloudVision Portal security advisory for detailed information and guidance: [https://www.arista.com/en/support/security/advisories/cloudvision-portal-security-advisory-cve-2024-11186]