CVE-2024-11186

{"id": "CVE-2024-11186", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@arista.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2025-05-08T19:15:57.100", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21314-security-advisory-0114", "source": "psirt@arista.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@arista.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service."}, {"lang": "es", "value": "En las versiones afectadas de CloudVision Portal, los controles de acceso inadecuados podr\u00edan permitir que un usuario autenticado malintencionado realice acciones m\u00e1s amplias de lo previsto en dispositivos EOS administrados. Este aviso afecta a los productos de Arista CloudVision Portal cuando se ejecutan localmente. No afecta a CloudVision como servicio."}], "lastModified": "2025-05-12T17:32:52.810", "sourceIdentifier": "psirt@arista.com"}