On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.
The Zero Touch Provisioning mechanism, designed to automatically configure network devices without administrator intervention, can be abused by a network attacker without any authentication. By exploiting ZTP, the attacker gains administrative privileges on the CloudVision system — broader than necessary for normal operation (CWE-269: Improper Privilege Management). The vulnerability affects only on-premise deployments — both physical and virtual; the CloudVision as-a-Service offering is not vulnerable.
An attacker gains excessive administrative privileges on the CloudVision system, allowing them to read and modify the state and configuration of all network devices under management by this platform. This can lead to complete compromise of the managed network infrastructure.
Apply patches available from the vendor according to references (Security Advisory 0115 published by Arista Networks at https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115). It is also recommended to consider restricting network access to ZTP and CloudVision interfaces only to trusted network segments until updates are applied.
Arista CloudVision — on-premise deployments (on-premise), both physical and virtual. The CloudVision as-a-Service (cloud) offering is not vulnerable. Detailed listings of affected product versions are available in the vendor's references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N