CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.6%
Revision | Date | Changes |
---|---|---|
1.0 | December 4, 2019 | Initial Release |
The CVE-ID tracking this issue is: CVE-2019-18181
CVSSv3 Base Score: 5.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)
This advisory documents the impact of an internally found privilege escalation vulnerability where CloudVision Portal allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI. Bug 425371 tracks this vulnerability.
All releases in the 2018.1 Code train
All releases in the 2018.2 Code train
For releases in the 2018.1 code train, the vulnerability allows unauthorized users to have read and write access for certain paths of the filesystem, whereas in the 2018.2 code train, the unauthorized userβs access is restricted to read-only.
The vulnerability is addressed in the 2019.1.0 and later versions of CloudVision Portal. We recommend upgrading to a remediated release to safeguard against this vulnerability.
Additionally, for the 2018.2 release train, a hotfix is available in the form of a python script that updates permissions for the affected APIs. For the 2018.1 code train, the suggested course of action is to upgrade to one of the remediated release versions (2019.1.0 and above).
Patch file download URL: SecAdvisory0044Hotfix.pyc
Sha512sum checksum for verification:
683eccf4ea8774d8d29d91c2aab5ceb18d9b41704d42350fa43ae8d8b72955d9054017ac0bbc887840b034df69116299d0230fc0c33e41c2422a9c019e2bb70d
Steps to run/validate the script:
ESSH as a privileged user to the VM hosting the CVP application
Create a directory for security patches using this command -
mkdir -p /cvpi/SecurityPatches/logs
Copy the hotfix script to the above path and install the patch by running command
python SecAdvisory0044Hotfix.pyc
On successful install the following message will be displayed:
Hotfix is applied successfully
Logs are also stored in β/cvpi/SecurityPatches/logsβ directory
If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:
By email: This email address is being protected from spambots. You need JavaScript enabled to view it.
By telephone: 408-547-5502
866-476-0000
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.6%