Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-7142— On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them

CVSS 4.6 · Medium EPSS 0.02% · P7
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-7142

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
Source: NVD (National Vulnerability Database)
Vulnerability Description
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据加密缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
CloudVision Portal 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Arista Networks CloudVision Portal是美国Arista Networks公司的一套用于CloudVision平台的、基于Web的用户管理门户。该产品包括网络设备配置、合规性管理、变更管理和网络监控管理等功能。 CloudVision Portal存在安全漏洞,该漏洞源于在支持硬件磁盘加密的设备上运行的Arista CloudVision Appliance中,磁盘加密可能无法成功执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Arista NetworksCloudVision Appliance 5.0.2 -

II. Public POCs for CVE-2024-7142

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-7142

登录查看更多情报信息。

Same Patch Batch · Arista Networks · 2025-01-10 · 13 CVEs total

CVE-2024-91888.8 HIGHSpecially constructed queries cause cross platform scripting leaking administrator tokens
CVE-2024-475198.3 HIGHBackup uploads to ETM subject to man-in-the-middle interception
CVE-2024-91348.3 HIGHMultiple SQL Injection vulnerabilities exist in the reporting application. A user with ad
CVE-2024-91328.1 HIGHThe administrator is able to configure an insecure captive portal script
CVE-2024-475207.6 HIGHA user with advanced report application access rights can perform actions for which they a
CVE-2024-91317.2 HIGHA user with administrator privileges can perform command injection
CVE-2024-475176.8 MEDIUMExpired and unusable administrator authentication tokens can be revealed by units that hav
CVE-2024-91336.6 MEDIUMA user with administrator privileges is able to retrieve authentication tokens
CVE-2024-58726.5 MEDIUMOn affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN t
CVE-2024-475186.4 MEDIUMSpecially constructed queries targeting ETM could discover active remote access sessions
CVE-2024-64375.8 MEDIUMOn affected platforms running Arista EOS with one of the following features configured to
CVE-2024-70954.3 MEDIUMOn affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit ma

IV. Related Vulnerabilities

Same vendor: Arista Networks
Same weakness: CWE-311

V. Comments for CVE-2024-7142

No comments yet

Leave a comment