github - ghsa-j55q-g28w-q6mv

GHSA-J55Q-G28W-Q6MV

Vulnerability from github – Published: 2025-05-08 21:32 – Updated: 2025-05-08 21:32

Details

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

Severity ?

8.7 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-8100"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-08T19:16:01Z",
    "severity": "HIGH"
  },
  "details": "On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.",
  "id": "GHSA-j55q-g28w-q6mv",
  "modified": "2025-05-08T21:32:56Z",
  "published": "2025-05-08T21:32:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8100"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21316-security-advisory-0116"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-8100 (GCVE-0-2024-8100)

Vulnerability from cvelistv5 – Published: 2025-05-08 18:31 – Updated: 2025-05-08 18:57

Summary

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

Severity ?

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-269 - Improper Privilege Management

Assigner

Arista

References

URL

Tags

https://www.arista.com/en/support/advisories-noti…

Impacted products

	Vendor	Product	Version
	Arista Networks	CloudVision	Affected: 2024.3.0 (custom) Affected: 2024.0 , ≤ 2024.2 (custom) Affected: 2023.3.0 , ≤ 2023.3.1 (custom) Affected: 2023.0 , ≤ 2023.2 (custom) Affected: 2022 (custom) Affected: 2021 (custom) Affected: 2020 (custom) Affected: 2019 (custom) Affected: 2018 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8100",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T18:56:57.041097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T18:57:09.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CloudVision",
          "vendor": "Arista Networks",
          "versions": [
            {
              "status": "affected",
              "version": "2024.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2024.2",
              "status": "affected",
              "version": "2024.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2023.3.1",
              "status": "affected",
              "version": "2023.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2023.2",
              "status": "affected",
              "version": "2023.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2020",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2019",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2018",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo specific configuration is required to be vulnerable to CVE-2024-8100.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "No specific configuration is required to be vulnerable to CVE-2024-8100."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-08T18:31:39.114Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21316-security-advisory-0116"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/software-download\"\u003eCVP Software downloads\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-8100 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e2024.1.3 and later releases in the 2024.1.x train\u003c/li\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003cli\u003e2025.1.0 and later releases in the 2025.1.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see  CVP Software downloads https://www.arista.com/en/support/software-download \n\n\u00a0\n\nCVE-2024-8100 has been fixed in the following releases:\n\n  *  2024.1.3 and later releases in the 2024.1.x train\n  *  2024.2.2 and later releases in the 2024.2.x train\n  *  2024.3.1 and later releases in the 2024.3.x train\n  *  2025.1.0 and later releases in the 2025.1.x train"
        }
      ],
      "source": {
        "advisory": "116",
        "defect": [
          "BUG 994965"
        ],
        "discovery": "INTERNAL"
      },
      "title": "On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBest practice is for generated device onboarding tokens to be valid for a limited time duration, and for the Device Onboarding permission which allows the generation of these tokens to only be granted to trusted users.\u003c/p\u003e\u003cp\u003eSuccessful exploit generally requires one of the following:\u003c/p\u003e\u003col\u003e\u003cli\u003eA rogue or compromised internal user with Device enrollment read/write permissions\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003eOR,\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003col\u003e\u003cli\u003eA valid device onboarding token that is easily accessible beyond the expected set of trusted users\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf all users with Device Onboarding privileges are trusted, and onboarding tokens are properly secured, then the risk of this issue is limited.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Best practice is for generated device onboarding tokens to be valid for a limited time duration, and for the Device Onboarding permission which allows the generation of these tokens to only be granted to trusted users.\n\nSuccessful exploit generally requires one of the following:\n\n  *  A rogue or compromised internal user with Device enrollment read/write permissions\nOR,\n\n\u00a0\n\n  *  A valid device onboarding token that is easily accessible beyond the expected set of trusted users\nIf all users with Device Onboarding privileges are trusted, and onboarding tokens are properly secured, then the risk of this issue is limited."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2024-8100",
    "datePublished": "2025-05-08T18:31:39.114Z",
    "dateReserved": "2024-08-22T18:18:50.804Z",
    "dateUpdated": "2025-05-08T18:57:09.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-J55Q-G28W-Q6MV

CVE-2024-8100 (GCVE-0-2024-8100)

Tags

Sightings

Nomenclature