CVE-2024-8100 HIGH

CVE-2024-8100: On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

Vendor Arista Networks
Product CloudVision
Weakness CWE-269
Published May 8, 2025
Last update May 8, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

Key dates

02Disclosure timeline

May 8, 2025 CVE published
May 8, 2025 Record updated