Description
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.
References (1)
Core 1
Core References
Scores
CVSS v3
10.0
EPSS
0.0058
EPSS Percentile
42.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (2)
Arista Networks/CloudVision Portal
2024.2.0 - 2024.2.1
Arista Networks/CloudVision Portal
2024.3.0
Published
May 08, 2025
Tracked Since
Feb 18, 2026