Main Vulnerability Database Vulnerabilities #VU109370

Missing Encryption of Sensitive Data in CloudVision Appliance - CVE-2024-7142

Published: May 17, 2025

Vulnerability identifier: #VU109370

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-7142

CWE-ID: CWE-311

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Arista Networks

Affected software:
CloudVision Appliance

Detailed vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to hardware disk encryption can fail under certain circumstances. An attacker with physical access to the system can remove the unencrypted disk from the affected system and read the data.

How to mitigate CVE-2024-7142

Install updates from vendor's website.

Sources

https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104

Missing Encryption of Sensitive Data in CloudVision Appliance - CVE-2024-7142

Detailed vulnerability description

How to mitigate CVE-2024-7142

Sources

Please verify you're human