On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.
References
Configurations
No configuration.
History
12 May 2025, 17:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 May 2025, 19:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-08 19:16
Updated : 2025-05-12 17:32
NVD link : CVE-2025-0505
Mitre link : CVE-2025-0505
CVE.ORG link : CVE-2025-0505
JSON object : View
Products Affected
No product.
CWE
CWE-269
Improper Privilege Management