Security Advisory 0044
Date: December 4th, 2019
Version: 1.0
Revision | Date | Changes |
---|---|---|
1.0 | December 4, 2019 | Initial Release |
The CVE-ID tracking this issue is: CVE-2019-18181
CVSSv3 Base Score: 5.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)
Description:
This advisory documents the impact of an internally found privilege escalation vulnerability where CloudVision Portal allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI. Bug 425371 tracks this vulnerability.
Affected Software Versions:
CloudVision Portal |
---|
All releases in the 2018.1 Code train |
All releases in the 2018.2 Code train |
For releases in the 2018.1 code train, the vulnerability allows unauthorized users to have read and write access for certain paths of the filesystem, whereas in the 2018.2 code train, the unauthorized user’s access is restricted to read-only.
Resolution:
The vulnerability is addressed in the 2019.1.0 and later versions of CloudVision Portal. We recommend upgrading to a remediated release to safeguard against this vulnerability.
Additionally, for the 2018.2 release train, a hotfix is available in the form of a python script that updates permissions for the affected APIs. For the 2018.1 code train, the suggested course of action is to upgrade to one of the remediated release versions (2019.1.0 and above).
Patch file download URL: SecAdvisory0044Hotfix.pyc
Sha512sum checksum for verification:
683eccf4ea8774d8d29d91c2aab5ceb18d9b41704d42350fa43ae8d8b72955d9054017ac0bbc887840b034df69116299d0230fc0c33e41c2422a9c019e2bb70d
Steps to run/validate the script:
- ESSH as a privileged user to the VM hosting the CVP application
- Create a directory for security patches using this command -
mkdir -p /cvpi/SecurityPatches/logs
- Copy the hotfix script to the above path and install the patch by running command
python SecAdvisory0044Hotfix.pyc
- On successful install the following message will be displayed:
Hotfix is applied successfully
- Logs are also stored in “/cvpi/SecurityPatches/logs” directory
Vulnerability References
For More Information:
If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:
Open a Service Request:
By email: This email address is being protected from spambots. You need JavaScript enabled to view it.
By telephone: 408-547-5502
866-476-0000