Search criteria
2 vulnerabilities found for CloudVision Appliance by Arista Networks
CVE-2024-7142 (GCVE-0-2024-7142)
Vulnerability from cvelistv5 – Published: 2025-01-10 21:18 – Updated: 2025-01-13 15:01
VLAI?
Title
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
Summary
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
Severity ?
4.6 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Appliance |
Affected:
5.0.2
(custom)
Affected: 6.0.0 , ≤ 6.0.6 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T15:01:00.479223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T15:01:15.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Appliance",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "5.0.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSystems are affected if disk encryption has been enabled using the \u003cb\u003ecva disk encryption enable\u003c/b\u003e\u0026nbsp;command. Whether a system is currently in the affected configuration can be determined with the following steps.\u003c/p\u003e\u003ch4\u003ePreliminary steps\u003c/h4\u003e\u003cp\u003eTo run the checks described below, it is necessary to run the \u003cb\u003eracadm\u003c/b\u003e\u0026nbsp;tool in the privileged mode. The tool is available under the \u003cb\u003eracadm\u003c/b\u003e\u0026nbsp;command in CVA version 5 and 6.\u003c/p\u003e\u003cp\u003eThe user will need to know the Fully Qualified Device Descriptor (FQDD) of the RAID controller(s) and the virtual disks. These can be retrieved with the following commands.\u003c/p\u003e\u003cul\u003e\u003cli\u003eTo get the list of FQDD of the RAID controllers, use \u003cb\u003eracadm storage get controllers\u003c/b\u003e.\u003cbr\u003eThe RAID controller(s) will be listed among the others.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eTo get the list of FQDD of the virtual disks, run \u003cb\u003eracadm storage get vdisks\u003c/b\u003e\u0026nbsp;.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThe following is an example from a running a system:\u003c/p\u003e\u003cpre\u003e[root@cv ~]# racadm storage get controllers\nRAID.SL.3-1\nAHCI.Embedded.2-1\nAHCI.Embedded.1-1\n \n[root@cv ~]# racadm storage get vdisks\nDisk.Virtual.239:RAID.SL.3-1\nDisk.Virtual.238:RAID.SL.3-1\n\u003c/pre\u003e\u003cp\u003eAdding the \u003cb\u003e-o\u003c/b\u003e\u0026nbsp;key to both of these commands will output the properties against each device which include the name and the security status. In addition, the -p option allows the user to query a specific set of properties of the devices. Check \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.dell.com/support\"\u003ehttps://www.dell.com/support\u003c/a\u003e\u0026nbsp;for further details on the \u003cb\u003eracadm\u003c/b\u003e\u0026nbsp;command and its options.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Systems are affected if disk encryption has been enabled using the cva disk encryption enable\u00a0command. Whether a system is currently in the affected configuration can be determined with the following steps.\n\nPreliminary stepsTo run the checks described below, it is necessary to run the racadm\u00a0tool in the privileged mode. The tool is available under the racadm\u00a0command in CVA version 5 and 6.\n\nThe user will need to know the Fully Qualified Device Descriptor (FQDD) of the RAID controller(s) and the virtual disks. These can be retrieved with the following commands.\n\n * To get the list of FQDD of the RAID controllers, use racadm storage get controllers.\nThe RAID controller(s) will be listed among the others.\u00a0\n\n\n * To get the list of FQDD of the virtual disks, run racadm storage get vdisks\u00a0.\n\n\nThe following is an example from a running a system:\n\n[root@cv ~]# racadm storage get controllers\nRAID.SL.3-1\nAHCI.Embedded.2-1\nAHCI.Embedded.1-1\n \n[root@cv ~]# racadm storage get vdisks\nDisk.Virtual.239:RAID.SL.3-1\nDisk.Virtual.238:RAID.SL.3-1\n\n\nAdding the -o\u00a0key to both of these commands will output the properties against each device which include the name and the security status. In addition, the -p option allows the user to query a specific set of properties of the devices. Check https://www.dell.com/support \u00a0for further details on the racadm\u00a0command and its options."
}
],
"datePublic": "2024-09-24T20:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them"
}
],
"value": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them"
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:18:27.988Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003c/p\u003e\u003cp\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/qsg-cva-350e-cv\"\u003eCloudVision Appliance 350E-CV - Arista\u003c/a\u003e.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-7142 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003eCVA 6.0.7\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf the user runs the \u003cb\u003ecva disk encryption enable\u003c/b\u003e\u0026nbsp;command in the aforementioned releases containing the fix, the disks will be properly encrypted.\u003c/p\u003e\u003cp\u003eIn addition, the upgrade from a vulnerable CVA version to the versions mentioned above will fix the issue automatically.\u003c/p\u003e\u003cul\u003e\u003cli\u003eIf the key/password pair is found during the upgrade, the upgrade process will encrypt the disks properly. Just to be clear, if this upgrade process \u003ci\u003edoes not notice\u003c/i\u003e\u0026nbsp;the corresponding key/password pair on the system, it will preserve the original intent of the user and \u003ci\u003ewill not \u003c/i\u003eencrypt the disks.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eIf the user no longer wants to encrypt the disks even though they previously ran \u003cb\u003ecva disk encryption enable \u003c/b\u003ecommand on a vulnerable release, \u003cb\u003ecva disk encryption disable\u003c/b\u003e\u0026nbsp;command must be run \u003ci\u003ebefore the upgrade. \u003c/i\u003eThis \u003cb\u003edisable\u003c/b\u003e\u0026nbsp;option will not be available on the new releases\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nFor more information about upgrading see CloudVision Appliance 350E-CV - Arista https://www.arista.com/en/qsg-cva-350e-cv .\n\n\u00a0\n\nCVE-2024-7142 has been fixed in the following releases:\n\n * CVA 6.0.7\n\n\nIf the user runs the cva disk encryption enable\u00a0command in the aforementioned releases containing the fix, the disks will be properly encrypted.\n\nIn addition, the upgrade from a vulnerable CVA version to the versions mentioned above will fix the issue automatically.\n\n * If the key/password pair is found during the upgrade, the upgrade process will encrypt the disks properly. Just to be clear, if this upgrade process does not notice\u00a0the corresponding key/password pair on the system, it will preserve the original intent of the user and will not encrypt the disks.\u00a0\n\n\n * If the user no longer wants to encrypt the disks even though they previously ran cva disk encryption enable command on a vulnerable release, cva disk encryption disable\u00a0command must be run before the upgrade. This disable\u00a0option will not be available on the new releases"
}
],
"source": {
"advisory": "104",
"defect": [
"BUG 984230"
],
"discovery": "INTERNAL"
},
"title": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo manually fix the issue on a vulnerable system determined by following the steps depicted in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-2\"\u003eDetermining a vulnerable device\u003c/a\u003e\u0026nbsp;section, run the following commands to enable the encryption of the virtual disks. The FQDD of the RAID controller(s) and virtual disks will be needed for this mitigation. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-3\"\u003ePreliminary steps\u003c/a\u003e\u0026nbsp;section on how to retrieve them. Note as the security key was set before on this vulnerable system, it is not needed to set it again here. Please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-4\"\u003eCaveats\u003c/a\u003e\u0026nbsp;section for more information.\u003c/p\u003e\u003cp\u003eGenerally, the overall process takes up to 10 minutes. The performance of a running system is not expected to degrade when the following steps are carried out.\u003c/p\u003e\u003col\u003e\u003cli\u003eEncrypt all virtual disks that belong to the RAID controller by running the following command for each of them:\u003cbr\u003e\u003cpre\u003eracadm storage encryptvd:\u0026lt;virtual drive FQDD\u0026gt;\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eCreate the job for the RAID controller and monitor its progress:\u003cbr\u003e\u003cpre\u003eracadm jobqueue create \u0026lt;RAID controller FQDD\u0026gt; --realtime\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eThis command must return the scheduled configuration job ID in its output. Look for \u003cb\u003eCommit JID = JID_xxxxx \u003c/b\u003ein the output.\u003cbr\u003eThen check the status of this job with \u003cb\u003eracadm jobqueue view -i \u0026lt;jobId\u0026gt;\u003c/b\u003e. It will take up to 10 minutes to complete.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eAfter the job is complete, run the following command to see if all the virtual disks are encrypted.\u003cbr\u003e\u003cpre\u003eracadm storage get vdisks --refkey \u0026lt;RAID controller FQDD\u0026gt; -o\u003c/pre\u003e\u003cp\u003eThe output should show\u003cb\u003e\u0026nbsp;Secured = YES\u003c/b\u003e\u0026nbsp;against each one of them.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe following is an example of the aforementioned steps.\u003c/p\u003e\u003cpre\u003e[root@cv ~]# \u003cb\u003eracadm storage encryptvd:Disk.Virtual.238:RAID.SL.3-1\u003c/b\u003e\nSTOR094 : The storage configuration operation is successfully completed\nand the change is in pending state.\n\u0026lt;--snip\u2014-\u0026gt;\n \n[root@cv ~]# \u003cb\u003eracadm jobqueue create RAID.SL.3-1 --realtime\u003c/b\u003e\nRAC1024: Successfully scheduled a job.\nVerify the job status using \"racadm jobqueue view -i JID_xxxxx\" command.\nCommit JID = JID_218438865303\n \n[root@cv ~]# \u003cb\u003eracadm jobqueue view -i JID_218438865303\u003c/b\u003e\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\n\u003cb\u003eStatus=Running\u003c/b\u003e\n\u0026lt;--snip\u2014-\u0026gt;\n\u003cb\u003ePercent Complete=[1]\u003c/b\u003e\n \n[root@cv ~]# \u003cb\u003eracadm jobqueue view -i JID_218438865303\u003c/b\u003e\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\n\u003cb\u003eStatus=Completed\u003c/b\u003e\n\u0026lt;--snip\u2014-\u0026gt;\n\u003cb\u003ePercent Complete=[100]\u003c/b\u003e\n \n[root@cv ~]# \u003cb\u003eracadm storage get vdisks --refkey RAID.SL.3-1 -o\u003c/b\u003e\n \nDisk.Virtual.238:RAID.SL.3-1\n\u0026nbsp; \u0026nbsp;Status \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = Ok\n\u0026nbsp; \u0026nbsp;DeviceDescription \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = Virtual Disk 238 on RAID Controller in SL 3\n\u0026nbsp; \u0026nbsp;Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = os\n\u0026lt;--snip\u2014-\u0026gt;\n\u0026nbsp; \u003cb\u003e\u0026nbsp;Secured \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = YES\u003c/b\u003e\n\u0026lt;--snip\u2014-\u0026gt;\n\u0026nbsp; \u0026nbsp;\nDisk.Virtual.239:RAID.SL.3-1\n\u0026nbsp; \u0026nbsp;Status \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = Ok\n\u0026nbsp; \u0026nbsp;DeviceDescription \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = Virtual Disk 239 on RAID Controller in SL 3\n\u0026nbsp; \u0026nbsp;Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = data\n\u0026lt;--snip\u2014-\u0026gt;\n\u003cb\u003e\u0026nbsp; \u0026nbsp;Secured \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = YES\u003c/b\u003e\n\u0026lt;--snip\u2014-\u0026gt;\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "To manually fix the issue on a vulnerable system determined by following the steps depicted in the Determining a vulnerable device https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-2 \u00a0section, run the following commands to enable the encryption of the virtual disks. The FQDD of the RAID controller(s) and virtual disks will be needed for this mitigation. See the Preliminary steps https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-3 \u00a0section on how to retrieve them. Note as the security key was set before on this vulnerable system, it is not needed to set it again here. Please see the Caveats https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-4 \u00a0section for more information.\n\nGenerally, the overall process takes up to 10 minutes. The performance of a running system is not expected to degrade when the following steps are carried out.\n\n * Encrypt all virtual disks that belong to the RAID controller by running the following command for each of them:\nracadm storage encryptvd:\u003cvirtual drive FQDD\u003e\n\n\u00a0\n\n\n * Create the job for the RAID controller and monitor its progress:\nracadm jobqueue create \u003cRAID controller FQDD\u003e --realtime\n\n\u00a0\n\nThis command must return the scheduled configuration job ID in its output. Look for Commit JID = JID_xxxxx in the output.\nThen check the status of this job with racadm jobqueue view -i \u003cjobId\u003e. It will take up to 10 minutes to complete.\u00a0\n\n\n * After the job is complete, run the following command to see if all the virtual disks are encrypted.\nracadm storage get vdisks --refkey \u003cRAID controller FQDD\u003e -o\n\nThe output should show\u00a0Secured = YES\u00a0against each one of them.\n\n\nThe following is an example of the aforementioned steps.\n\n[root@cv ~]# racadm storage encryptvd:Disk.Virtual.238:RAID.SL.3-1\nSTOR094 : The storage configuration operation is successfully completed\nand the change is in pending state.\n\u003c--snip\u2014-\u003e\n \n[root@cv ~]# racadm jobqueue create RAID.SL.3-1 --realtime\nRAC1024: Successfully scheduled a job.\nVerify the job status using \"racadm jobqueue view -i JID_xxxxx\" command.\nCommit JID = JID_218438865303\n \n[root@cv ~]# racadm jobqueue view -i JID_218438865303\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\nStatus=Running\n\u003c--snip\u2014-\u003e\nPercent Complete=[1]\n \n[root@cv ~]# racadm jobqueue view -i JID_218438865303\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\nStatus=Completed\n\u003c--snip\u2014-\u003e\nPercent Complete=[100]\n \n[root@cv ~]# racadm storage get vdisks --refkey RAID.SL.3-1 -o\n \nDisk.Virtual.238:RAID.SL.3-1\n\u00a0 \u00a0Status \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Ok\n\u00a0 \u00a0DeviceDescription \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Virtual Disk 238 on RAID Controller in SL 3\n\u00a0 \u00a0Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = os\n\u003c--snip\u2014-\u003e\n\u00a0 \u00a0Secured \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = YES\n\u003c--snip\u2014-\u003e\n\u00a0 \u00a0\nDisk.Virtual.239:RAID.SL.3-1\n\u00a0 \u00a0Status \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Ok\n\u00a0 \u00a0DeviceDescription \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Virtual Disk 239 on RAID Controller in SL 3\n\u00a0 \u00a0Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = data\n\u003c--snip\u2014-\u003e\n\u00a0 \u00a0Secured \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = YES\n\u003c--snip\u2014-\u003e"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-7142",
"datePublished": "2025-01-10T21:18:27.988Z",
"dateReserved": "2024-07-26T18:43:29.610Z",
"dateUpdated": "2025-01-13T15:01:15.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7142 (GCVE-0-2024-7142)
Vulnerability from nvd – Published: 2025-01-10 21:18 – Updated: 2025-01-13 15:01
VLAI?
Title
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
Summary
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
Severity ?
4.6 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Appliance |
Affected:
5.0.2
(custom)
Affected: 6.0.0 , ≤ 6.0.6 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T15:01:00.479223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T15:01:15.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Appliance",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "5.0.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.6",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSystems are affected if disk encryption has been enabled using the \u003cb\u003ecva disk encryption enable\u003c/b\u003e\u0026nbsp;command. Whether a system is currently in the affected configuration can be determined with the following steps.\u003c/p\u003e\u003ch4\u003ePreliminary steps\u003c/h4\u003e\u003cp\u003eTo run the checks described below, it is necessary to run the \u003cb\u003eracadm\u003c/b\u003e\u0026nbsp;tool in the privileged mode. The tool is available under the \u003cb\u003eracadm\u003c/b\u003e\u0026nbsp;command in CVA version 5 and 6.\u003c/p\u003e\u003cp\u003eThe user will need to know the Fully Qualified Device Descriptor (FQDD) of the RAID controller(s) and the virtual disks. These can be retrieved with the following commands.\u003c/p\u003e\u003cul\u003e\u003cli\u003eTo get the list of FQDD of the RAID controllers, use \u003cb\u003eracadm storage get controllers\u003c/b\u003e.\u003cbr\u003eThe RAID controller(s) will be listed among the others.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eTo get the list of FQDD of the virtual disks, run \u003cb\u003eracadm storage get vdisks\u003c/b\u003e\u0026nbsp;.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThe following is an example from a running a system:\u003c/p\u003e\u003cpre\u003e[root@cv ~]# racadm storage get controllers\nRAID.SL.3-1\nAHCI.Embedded.2-1\nAHCI.Embedded.1-1\n \n[root@cv ~]# racadm storage get vdisks\nDisk.Virtual.239:RAID.SL.3-1\nDisk.Virtual.238:RAID.SL.3-1\n\u003c/pre\u003e\u003cp\u003eAdding the \u003cb\u003e-o\u003c/b\u003e\u0026nbsp;key to both of these commands will output the properties against each device which include the name and the security status. In addition, the -p option allows the user to query a specific set of properties of the devices. Check \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.dell.com/support\"\u003ehttps://www.dell.com/support\u003c/a\u003e\u0026nbsp;for further details on the \u003cb\u003eracadm\u003c/b\u003e\u0026nbsp;command and its options.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Systems are affected if disk encryption has been enabled using the cva disk encryption enable\u00a0command. Whether a system is currently in the affected configuration can be determined with the following steps.\n\nPreliminary stepsTo run the checks described below, it is necessary to run the racadm\u00a0tool in the privileged mode. The tool is available under the racadm\u00a0command in CVA version 5 and 6.\n\nThe user will need to know the Fully Qualified Device Descriptor (FQDD) of the RAID controller(s) and the virtual disks. These can be retrieved with the following commands.\n\n * To get the list of FQDD of the RAID controllers, use racadm storage get controllers.\nThe RAID controller(s) will be listed among the others.\u00a0\n\n\n * To get the list of FQDD of the virtual disks, run racadm storage get vdisks\u00a0.\n\n\nThe following is an example from a running a system:\n\n[root@cv ~]# racadm storage get controllers\nRAID.SL.3-1\nAHCI.Embedded.2-1\nAHCI.Embedded.1-1\n \n[root@cv ~]# racadm storage get vdisks\nDisk.Virtual.239:RAID.SL.3-1\nDisk.Virtual.238:RAID.SL.3-1\n\n\nAdding the -o\u00a0key to both of these commands will output the properties against each device which include the name and the security status. In addition, the -p option allows the user to query a specific set of properties of the devices. Check https://www.dell.com/support \u00a0for further details on the racadm\u00a0command and its options."
}
],
"datePublic": "2024-09-24T20:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them"
}
],
"value": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them"
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:18:27.988Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003c/p\u003e\u003cp\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/qsg-cva-350e-cv\"\u003eCloudVision Appliance 350E-CV - Arista\u003c/a\u003e.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-7142 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003eCVA 6.0.7\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf the user runs the \u003cb\u003ecva disk encryption enable\u003c/b\u003e\u0026nbsp;command in the aforementioned releases containing the fix, the disks will be properly encrypted.\u003c/p\u003e\u003cp\u003eIn addition, the upgrade from a vulnerable CVA version to the versions mentioned above will fix the issue automatically.\u003c/p\u003e\u003cul\u003e\u003cli\u003eIf the key/password pair is found during the upgrade, the upgrade process will encrypt the disks properly. Just to be clear, if this upgrade process \u003ci\u003edoes not notice\u003c/i\u003e\u0026nbsp;the corresponding key/password pair on the system, it will preserve the original intent of the user and \u003ci\u003ewill not \u003c/i\u003eencrypt the disks.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eIf the user no longer wants to encrypt the disks even though they previously ran \u003cb\u003ecva disk encryption enable \u003c/b\u003ecommand on a vulnerable release, \u003cb\u003ecva disk encryption disable\u003c/b\u003e\u0026nbsp;command must be run \u003ci\u003ebefore the upgrade. \u003c/i\u003eThis \u003cb\u003edisable\u003c/b\u003e\u0026nbsp;option will not be available on the new releases\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nFor more information about upgrading see CloudVision Appliance 350E-CV - Arista https://www.arista.com/en/qsg-cva-350e-cv .\n\n\u00a0\n\nCVE-2024-7142 has been fixed in the following releases:\n\n * CVA 6.0.7\n\n\nIf the user runs the cva disk encryption enable\u00a0command in the aforementioned releases containing the fix, the disks will be properly encrypted.\n\nIn addition, the upgrade from a vulnerable CVA version to the versions mentioned above will fix the issue automatically.\n\n * If the key/password pair is found during the upgrade, the upgrade process will encrypt the disks properly. Just to be clear, if this upgrade process does not notice\u00a0the corresponding key/password pair on the system, it will preserve the original intent of the user and will not encrypt the disks.\u00a0\n\n\n * If the user no longer wants to encrypt the disks even though they previously ran cva disk encryption enable command on a vulnerable release, cva disk encryption disable\u00a0command must be run before the upgrade. This disable\u00a0option will not be available on the new releases"
}
],
"source": {
"advisory": "104",
"defect": [
"BUG 984230"
],
"discovery": "INTERNAL"
},
"title": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo manually fix the issue on a vulnerable system determined by following the steps depicted in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-2\"\u003eDetermining a vulnerable device\u003c/a\u003e\u0026nbsp;section, run the following commands to enable the encryption of the virtual disks. The FQDD of the RAID controller(s) and virtual disks will be needed for this mitigation. See the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-3\"\u003ePreliminary steps\u003c/a\u003e\u0026nbsp;section on how to retrieve them. Note as the security key was set before on this vulnerable system, it is not needed to set it again here. Please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-4\"\u003eCaveats\u003c/a\u003e\u0026nbsp;section for more information.\u003c/p\u003e\u003cp\u003eGenerally, the overall process takes up to 10 minutes. The performance of a running system is not expected to degrade when the following steps are carried out.\u003c/p\u003e\u003col\u003e\u003cli\u003eEncrypt all virtual disks that belong to the RAID controller by running the following command for each of them:\u003cbr\u003e\u003cpre\u003eracadm storage encryptvd:\u0026lt;virtual drive FQDD\u0026gt;\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eCreate the job for the RAID controller and monitor its progress:\u003cbr\u003e\u003cpre\u003eracadm jobqueue create \u0026lt;RAID controller FQDD\u0026gt; --realtime\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eThis command must return the scheduled configuration job ID in its output. Look for \u003cb\u003eCommit JID = JID_xxxxx \u003c/b\u003ein the output.\u003cbr\u003eThen check the status of this job with \u003cb\u003eracadm jobqueue view -i \u0026lt;jobId\u0026gt;\u003c/b\u003e. It will take up to 10 minutes to complete.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eAfter the job is complete, run the following command to see if all the virtual disks are encrypted.\u003cbr\u003e\u003cpre\u003eracadm storage get vdisks --refkey \u0026lt;RAID controller FQDD\u0026gt; -o\u003c/pre\u003e\u003cp\u003eThe output should show\u003cb\u003e\u0026nbsp;Secured = YES\u003c/b\u003e\u0026nbsp;against each one of them.\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe following is an example of the aforementioned steps.\u003c/p\u003e\u003cpre\u003e[root@cv ~]# \u003cb\u003eracadm storage encryptvd:Disk.Virtual.238:RAID.SL.3-1\u003c/b\u003e\nSTOR094 : The storage configuration operation is successfully completed\nand the change is in pending state.\n\u0026lt;--snip\u2014-\u0026gt;\n \n[root@cv ~]# \u003cb\u003eracadm jobqueue create RAID.SL.3-1 --realtime\u003c/b\u003e\nRAC1024: Successfully scheduled a job.\nVerify the job status using \"racadm jobqueue view -i JID_xxxxx\" command.\nCommit JID = JID_218438865303\n \n[root@cv ~]# \u003cb\u003eracadm jobqueue view -i JID_218438865303\u003c/b\u003e\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\n\u003cb\u003eStatus=Running\u003c/b\u003e\n\u0026lt;--snip\u2014-\u0026gt;\n\u003cb\u003ePercent Complete=[1]\u003c/b\u003e\n \n[root@cv ~]# \u003cb\u003eracadm jobqueue view -i JID_218438865303\u003c/b\u003e\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\n\u003cb\u003eStatus=Completed\u003c/b\u003e\n\u0026lt;--snip\u2014-\u0026gt;\n\u003cb\u003ePercent Complete=[100]\u003c/b\u003e\n \n[root@cv ~]# \u003cb\u003eracadm storage get vdisks --refkey RAID.SL.3-1 -o\u003c/b\u003e\n \nDisk.Virtual.238:RAID.SL.3-1\n\u0026nbsp; \u0026nbsp;Status \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = Ok\n\u0026nbsp; \u0026nbsp;DeviceDescription \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = Virtual Disk 238 on RAID Controller in SL 3\n\u0026nbsp; \u0026nbsp;Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = os\n\u0026lt;--snip\u2014-\u0026gt;\n\u0026nbsp; \u003cb\u003e\u0026nbsp;Secured \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = YES\u003c/b\u003e\n\u0026lt;--snip\u2014-\u0026gt;\n\u0026nbsp; \u0026nbsp;\nDisk.Virtual.239:RAID.SL.3-1\n\u0026nbsp; \u0026nbsp;Status \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = Ok\n\u0026nbsp; \u0026nbsp;DeviceDescription \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = Virtual Disk 239 on RAID Controller in SL 3\n\u0026nbsp; \u0026nbsp;Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = data\n\u0026lt;--snip\u2014-\u0026gt;\n\u003cb\u003e\u0026nbsp; \u0026nbsp;Secured \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; = YES\u003c/b\u003e\n\u0026lt;--snip\u2014-\u0026gt;\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "To manually fix the issue on a vulnerable system determined by following the steps depicted in the Determining a vulnerable device https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-2 \u00a0section, run the following commands to enable the encryption of the virtual disks. The FQDD of the RAID controller(s) and virtual disks will be needed for this mitigation. See the Preliminary steps https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-3 \u00a0section on how to retrieve them. Note as the security key was set before on this vulnerable system, it is not needed to set it again here. Please see the Caveats https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-4 \u00a0section for more information.\n\nGenerally, the overall process takes up to 10 minutes. The performance of a running system is not expected to degrade when the following steps are carried out.\n\n * Encrypt all virtual disks that belong to the RAID controller by running the following command for each of them:\nracadm storage encryptvd:\u003cvirtual drive FQDD\u003e\n\n\u00a0\n\n\n * Create the job for the RAID controller and monitor its progress:\nracadm jobqueue create \u003cRAID controller FQDD\u003e --realtime\n\n\u00a0\n\nThis command must return the scheduled configuration job ID in its output. Look for Commit JID = JID_xxxxx in the output.\nThen check the status of this job with racadm jobqueue view -i \u003cjobId\u003e. It will take up to 10 minutes to complete.\u00a0\n\n\n * After the job is complete, run the following command to see if all the virtual disks are encrypted.\nracadm storage get vdisks --refkey \u003cRAID controller FQDD\u003e -o\n\nThe output should show\u00a0Secured = YES\u00a0against each one of them.\n\n\nThe following is an example of the aforementioned steps.\n\n[root@cv ~]# racadm storage encryptvd:Disk.Virtual.238:RAID.SL.3-1\nSTOR094 : The storage configuration operation is successfully completed\nand the change is in pending state.\n\u003c--snip\u2014-\u003e\n \n[root@cv ~]# racadm jobqueue create RAID.SL.3-1 --realtime\nRAC1024: Successfully scheduled a job.\nVerify the job status using \"racadm jobqueue view -i JID_xxxxx\" command.\nCommit JID = JID_218438865303\n \n[root@cv ~]# racadm jobqueue view -i JID_218438865303\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\nStatus=Running\n\u003c--snip\u2014-\u003e\nPercent Complete=[1]\n \n[root@cv ~]# racadm jobqueue view -i JID_218438865303\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\nStatus=Completed\n\u003c--snip\u2014-\u003e\nPercent Complete=[100]\n \n[root@cv ~]# racadm storage get vdisks --refkey RAID.SL.3-1 -o\n \nDisk.Virtual.238:RAID.SL.3-1\n\u00a0 \u00a0Status \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Ok\n\u00a0 \u00a0DeviceDescription \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Virtual Disk 238 on RAID Controller in SL 3\n\u00a0 \u00a0Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = os\n\u003c--snip\u2014-\u003e\n\u00a0 \u00a0Secured \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = YES\n\u003c--snip\u2014-\u003e\n\u00a0 \u00a0\nDisk.Virtual.239:RAID.SL.3-1\n\u00a0 \u00a0Status \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Ok\n\u00a0 \u00a0DeviceDescription \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Virtual Disk 239 on RAID Controller in SL 3\n\u00a0 \u00a0Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = data\n\u003c--snip\u2014-\u003e\n\u00a0 \u00a0Secured \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = YES\n\u003c--snip\u2014-\u003e"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-7142",
"datePublished": "2025-01-10T21:18:27.988Z",
"dateReserved": "2024-07-26T18:43:29.610Z",
"dateUpdated": "2025-01-13T15:01:15.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}