The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Upgrade | Setup Guide | Arista CloudVision 2024.3 Help Center https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster   CVE-2025-0505 has been fixed in the following releases: * 2024.2.2 and later releases in the 2024.2.x train * 2024.3.1 and later releases in the 2024.3.x train

Zero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability. The CloudVision versions listed in the “Affected Software” section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI.

The ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision): cvpi disable ztp cvpi stop ztp   The following command can be used to verify that the component is stopped: cvpi status ztp Executing command. This may take some time... Completed 1/1 discovered actions primary components total:1 running:0 disabled:1   The component may be enabled after upgrading to one the remediated software versions (See  Resolution https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1 ) using the following commands: cvpi enable ztp cvpi start ztp