CVE-2019-18615

Published: Dic 19, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-8344 Aliases: GSD-2019-18615
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW 3,5
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: single
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0011
Percentile
0,3th
Updated

EPSS Score Trend (Last 90 Days)

312

Cleartext Storage of Sensitive Information

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Cloud Computing, ICS/OT, Mobile
View CWE Details
522

Insufficiently Protected Credentials

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
View CWE Details
Application

Cloudvision Portal by Arista

Product Information
Vendor Arista
Product Cloudvision Portal
Version Range Affected
From 2018.2.0 (inclusive)
To 2018.2.3 (inclusive)
cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.arista.com/en/support/advisories-notices/securi…
Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/9002-s…
https://www.arista.com/en/support/advisories-notices/securi…
Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/9002-s…