Vulnerability-Lookup

GHSA-V3M4-V33X-7JHP

Vulnerability from github – Published: 2025-05-08 21:32 – Updated: 2025-05-08 21:32

Details

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.

Severity

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-0505"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-08T19:16:01Z",
    "severity": "CRITICAL"
  },
  "details": "On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.",
  "id": "GHSA-v3m4-v33x-7jhp",
  "modified": "2025-05-08T21:32:56Z",
  "published": "2025-05-08T21:32:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0505"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-0505 (GCVE-0-2025-0505)

Vulnerability from cvelistv5 – Published: 2025-05-08 18:37 – Updated: 2025-05-08 18:56

Title

Summary

Severity

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE

CWE-269 - Improper Privilege Management

Assigner

Arista

References

1 reference

URL	Tags
https://www.arista.com/en/support/advisories-noti…

Impacted products

1 product

Vendor	Product	Version
Arista Networks	CloudVision Portal	Affected: 2024.2.0 , ≤ 2024.2.1 (custom) Affected: 2024.3.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0505",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T18:55:39.942468Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T18:56:19.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CloudVision Portal",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "2024.2.1",
              "status": "affected",
              "version": "2024.2.0",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "2024.3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eZero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\u003c/p\u003e\u003cp\u003eThe CloudVision versions listed in the \u201cAffected Software\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI.\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"\" src=\"https://www.arista.com/assets/images/article/SA115-1.png\"\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Zero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\n\nThe CloudVision versions listed in the \u201cAffected Software\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-08T18:37:13.981Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster\"\u003eUpgrade | Setup Guide | Arista CloudVision 2024.3 Help Center\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2025-0505 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cul\u003e\u003cul\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ul\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see  Upgrade | Setup Guide | Arista CloudVision 2024.3 Help Center https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster \n\n\u00a0\n\nCVE-2025-0505 has been fixed in the following releases:\n\n  *  2024.2.2 and later releases in the 2024.2.x train\n  *  2024.3.1 and later releases in the 2024.3.x train"
        }
      ],
      "source": {
        "advisory": "115",
        "defect": [
          "BUG 1046170"
        ],
        "discovery": "INTERNAL"
      },
      "title": "On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\u003c/p\u003e\u003cpre\u003ecvpi disable ztp\ncvpi stop ztp\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe following command can be used to verify that the component is stopped:\u003c/p\u003e\u003cpre\u003ecvpi status ztp\n \nExecuting command. This may take some time...\nCompleted 1/1 discovered actions\nprimary  components total:1 running:0 disabled:1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe component may be enabled after upgrading to one the remediated software versions (See\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1\"\u003e\u0026nbsp;Resolution\u003c/a\u003e) using the following commands:\u003c/p\u003e\u003cpre\u003ecvpi enable ztp\ncvpi start ztp\u003c/pre\u003e\u003cbr\u003e"
            }
          ],
          "value": "The ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\n\ncvpi disable ztp\ncvpi stop ztp\n\n\n\u00a0\n\nThe following command can be used to verify that the component is stopped:\n\ncvpi status ztp\n \nExecuting command. This may take some time...\nCompleted 1/1 discovered actions\nprimary  components total:1 running:0 disabled:1\n\n\n\u00a0\n\nThe component may be enabled after upgrading to one the remediated software versions (See \u00a0Resolution https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1 ) using the following commands:\n\ncvpi enable ztp\ncvpi start ztp"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2025-0505",
    "datePublished": "2025-05-08T18:37:13.981Z",
    "dateReserved": "2025-01-15T19:34:32.801Z",
    "dateUpdated": "2025-05-08T18:56:19.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-V3M4-V33X-7JHP

CVE-2025-0505 (GCVE-0-2025-0505)

Tags

Sightings

Nomenclature