Arista Security Advisories

Date: December 4th, 2019 Version: 1.0 Revision Date Changes 1.0 December 4, 2019 Initial Release   CVE-ID tracking this issue is: CVE-2019-18615 CVSSv3 Base Score: 7.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N) Description: This advisory documents the impact of an internally found security vulnerability for CloudVision Portal (CVP) where, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user ...

Date: December 4th, 2019 Version: 1.0 Revision Date Changes 1.0 December 4, 2019 Initial Release   The CVE-ID tracking this issue is: CVE-2019-18181 CVSSv3 Base Score: 5.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N) Description: This advisory documents the impact of an internally found privilege escalation vulnerability where CloudVision Portal allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the ...

Date: November 6th, 2019 Version: 1.0 Revision Date Changes 1.0 November 6th, 2019 Initial Release     The CVE-IDs tracking this issue: CVE-2019-9512, CVE-2019-9514, and CVE-2019-9515 CVSSv3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents the exposure of Arista’s products to the above-listed CVEs regarding an HTTP2 OOM security vulnerability in Go’s gRPC library. The vulnerability is in an open-source software, Go’s gRPC li ...

Date: October 9th, 2019 Version: 1.0 Revision Date Changes 1.0 October 9th, 2019 Initial Release     The CVE-IDs tracking this issue are CVE-2019-14810. CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory is to document a security vulnerability that was identified internally by Arista Networks. Arista has not received evidence of this vulnerability being exploited, as of the date of this update. The vulnerability is in the impleme ...