Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-8100
PUBLISHED
More InfoOfficial Page
Assigner-Arista
Assigner Org ID-c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7
View Known Exploited Vulnerability (KEV) details
Published At-08 May, 2025 | 18:31
Updated At-08 May, 2025 | 18:57
Rejected At-
▼CVE Numbering Authority (CNA)
On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

Affected Products
Vendor
Arista Networks, Inc.Arista Networks
Product
CloudVision
Default Status
unaffected
Versions
Affected
  • 2024.3.0 (custom)
  • From 2024.0 through 2024.2 (custom)
  • From 2023.3.0 through 2023.3.1 (custom)
  • From 2023.0 through 2023.2 (custom)
  • 2022 (custom)
  • 2021 (custom)
  • 2020 (custom)
  • 2019 (custom)
  • 2018 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.18.7HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Version: 3.1
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see CVP Software downloads https://www.arista.com/en/support/software-download   CVE-2024-8100 has been fixed in the following releases: * 2024.1.3 and later releases in the 2024.1.x train * 2024.2.2 and later releases in the 2024.2.x train * 2024.3.1 and later releases in the 2024.3.x train * 2025.1.0 and later releases in the 2025.1.x train

Configurations

No specific configuration is required to be vulnerable to CVE-2024-8100.

Workarounds

Best practice is for generated device onboarding tokens to be valid for a limited time duration, and for the Device Onboarding permission which allows the generation of these tokens to only be granted to trusted users. Successful exploit generally requires one of the following: * A rogue or compromised internal user with Device enrollment read/write permissions OR,   * A valid device onboarding token that is easily accessible beyond the expected set of trusted users If all users with Device Onboarding privileges are trusted, and onboarding tokens are properly secured, then the risk of this issue is limited.

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arista.com/en/support/advisories-notices/security-advisory/21316-security-advisory-0116
N/A
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisory/21316-security-advisory-0116
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found