{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7142", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2024-07-26T18:43:29.610Z", "datePublished": "2025-01-10T21:18:27.988Z", "dateUpdated": "2025-01-13T15:01:15.191Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CloudVision Appliance", "vendor": "Arista Networks", "versions": [{"status": "affected", "version": "5.0.2", "versionType": "custom"}, {"lessThanOrEqual": "6.0.6", "status": "affected", "version": "6.0.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Systems are affected if disk encryption has been enabled using the <b>cva disk encryption enable</b> command. Whether a system is currently in the affected configuration can be determined with the following steps.</p><h4>Preliminary steps</h4><p>To run the checks described below, it is necessary to run the <b>racadm</b> tool in the privileged mode. The tool is available under the <b>racadm</b> command in CVA version 5 and 6.</p><p>The user will need to know the Fully Qualified Device Descriptor (FQDD) of the RAID controller(s) and the virtual disks. 
These can be retrieved with the following commands.</p><ul><li>To get the list of FQDD of the RAID controllers, use <b>racadm storage get controllers</b>.<br>The RAID controller(s) will be listed among the others.<div> </div></li><li>To get the list of FQDD of the virtual disks, run <b>racadm storage get vdisks</b> .</li></ul><p>The following is an example from a running a system:</p><pre>[root@cv ~]# racadm storage get controllers\nRAID.SL.3-1\nAHCI.Embedded.2-1\nAHCI.Embedded.1-1\n \n[root@cv ~]# racadm storage get vdisks\nDisk.Virtual.239:RAID.SL.3-1\nDisk.Virtual.238:RAID.SL.3-1\n</pre><p>Adding the <b>-o</b> key to both of these commands will output the properties against each device which include the name and the security status. In addition, the -p option allows the user to query a specific set of properties of the devices. Check <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.dell.com/support\">https://www.dell.com/support</a> for further details on the <b>racadm</b> command and its options.</p><br>"}], "value": "Systems are affected if disk encryption has been enabled using the cva disk encryption enable\u00a0command. Whether a system is currently in the affected configuration can be determined with the following steps.\n\nPreliminary stepsTo run the checks described below, it is necessary to run the racadm\u00a0tool in the privileged mode. The tool is available under the racadm\u00a0command in CVA version 5 and 6.\n\nThe user will need to know the Fully Qualified Device Descriptor (FQDD) of the RAID controller(s) and the virtual disks. 
These can be retrieved with the following commands.\n\n * To get the list of FQDD of the RAID controllers, use racadm storage get controllers.\nThe RAID controller(s) will be listed among the others.\u00a0\n\n\n * To get the list of FQDD of the virtual disks, run racadm storage get vdisks\u00a0.\n\n\nThe following is an example from a running a system:\n\n[root@cv ~]# racadm storage get controllers\nRAID.SL.3-1\nAHCI.Embedded.2-1\nAHCI.Embedded.1-1\n \n[root@cv ~]# racadm storage get vdisks\nDisk.Virtual.239:RAID.SL.3-1\nDisk.Virtual.238:RAID.SL.3-1\n\n\nAdding the -o\u00a0key to both of these commands will output the properties against each device which include the name and the security status. In addition, the -p option allows the user to query a specific set of properties of the devices. Check https://www.dell.com/support \u00a0for further details on the racadm\u00a0command and its options."}], "datePublic": "2024-09-24T20:06:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them"}], "value": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. 
This results in the disks remaining unsecured and data on them"}], "impacts": [{"capecId": "CAPEC-131", "descriptions": [{"lang": "en", "value": "CAPEC-131 Resource Leak Exposure"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-01-10T21:18:27.988Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. 
Arista recommends customers move to the latest version of each release that contains all the fixes listed below.</p><p>For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/qsg-cva-350e-cv\">CloudVision Appliance 350E-CV - Arista</a>.</p><div> </div><div>CVE-2024-7142 has been fixed in the following releases:</div><ul><li>CVA 6.0.7</li></ul><p>If the user runs the <b>cva disk encryption enable</b> command in the aforementioned releases containing the fix, the disks will be properly encrypted.</p><p>In addition, the upgrade from a vulnerable CVA version to the versions mentioned above will fix the issue automatically.</p><ul><li>If the key/password pair is found during the upgrade, the upgrade process will encrypt the disks properly. Just to be clear, if this upgrade process <i>does not notice</i> the corresponding key/password pair on the system, it will preserve the original intent of the user and <i>will not </i>encrypt the disks.<div> </div></li><li>If the user no longer wants to encrypt the disks even though they previously ran <b>cva disk encryption enable </b>command on a vulnerable release, <b>cva disk encryption disable</b> command must be run <i>before the upgrade. </i>This <b>disable</b> option will not be available on the new releases</li></ul><br>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. 
Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nFor more information about upgrading see CloudVision Appliance 350E-CV - Arista https://www.arista.com/en/qsg-cva-350e-cv .\n\n\u00a0\n\nCVE-2024-7142 has been fixed in the following releases:\n\n * CVA 6.0.7\n\n\nIf the user runs the cva disk encryption enable\u00a0command in the aforementioned releases containing the fix, the disks will be properly encrypted.\n\nIn addition, the upgrade from a vulnerable CVA version to the versions mentioned above will fix the issue automatically.\n\n * If the key/password pair is found during the upgrade, the upgrade process will encrypt the disks properly. Just to be clear, if this upgrade process does not notice\u00a0the corresponding key/password pair on the system, it will preserve the original intent of the user and will not encrypt the disks.\u00a0\n\n\n * If the user no longer wants to encrypt the disks even though they previously ran cva disk encryption enable command on a vulnerable release, cva disk encryption disable\u00a0command must be run before the upgrade. This disable\u00a0option will not be available on the new releases"}], "source": {"advisory": "104", "defect": ["BUG 984230"], "discovery": "INTERNAL"}, "title": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. 
This results in the disks remaining unsecured and data on them", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>To manually fix the issue on a vulnerable system determined by following the steps depicted in the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-2\">Determining a vulnerable device</a> section, run the following commands to enable the encryption of the virtual disks. The FQDD of the RAID controller(s) and virtual disks will be needed for this mitigation. See the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-3\">Preliminary steps</a> section on how to retrieve them. Note as the security key was set before on this vulnerable system, it is not needed to set it again here. Please see the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-4\">Caveats</a> section for more information.</p><p>Generally, the overall process takes up to 10 minutes. The performance of a running system is not expected to degrade when the following steps are carried out.</p><ol><li>Encrypt all virtual disks that belong to the RAID controller by running the following command for each of them:<br><pre>racadm storage encryptvd:<virtual drive FQDD></pre><div> </div></li><li>Create the job for the RAID controller and monitor its progress:<br><pre>racadm jobqueue create <RAID controller FQDD> --realtime</pre><div> </div>This command must return the scheduled configuration job ID in its output. Look for <b>Commit JID = JID_xxxxx </b>in the output.<br>Then check the status of this job with <b>racadm jobqueue view -i <jobId></b>. 
It will take up to 10 minutes to complete.<div> </div></li><li>After the job is complete, run the following command to see if all the virtual disks are encrypted.<br><pre>racadm storage get vdisks --refkey <RAID controller FQDD> -o</pre><p>The output should show<b> Secured = YES</b> against each one of them.</p></li></ol><p>The following is an example of the aforementioned steps.</p><pre>[root@cv ~]# <b>racadm storage encryptvd:Disk.Virtual.238:RAID.SL.3-1</b>\nSTOR094 : The storage configuration operation is successfully completed\nand the change is in pending state.\n<--snip\u2014->\n \n[root@cv ~]# <b>racadm jobqueue create RAID.SL.3-1 --realtime</b>\nRAC1024: Successfully scheduled a job.\nVerify the job status using \"racadm jobqueue view -i JID_xxxxx\" command.\nCommit JID = JID_218438865303\n \n[root@cv ~]# <b>racadm jobqueue view -i JID_218438865303</b>\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\n<b>Status=Running</b>\n<--snip\u2014->\n<b>Percent Complete=[1]</b>\n \n[root@cv ~]# <b>racadm jobqueue view -i JID_218438865303</b>\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\n<b>Status=Completed</b>\n<--snip\u2014->\n<b>Percent Complete=[100]</b>\n \n[root@cv ~]# <b>racadm storage get vdisks --refkey RAID.SL.3-1 -o</b>\n \nDisk.Virtual.238:RAID.SL.3-1\n Status = Ok\n DeviceDescription = Virtual Disk 238 on RAID Controller in SL 3\n Name = os\n<--snip\u2014->\n <b> Secured = YES</b>\n<--snip\u2014->\n \nDisk.Virtual.239:RAID.SL.3-1\n Status = Ok\n DeviceDescription = Virtual Disk 239 on RAID Controller in SL 3\n Name = data\n<--snip\u2014->\n<b> Secured = YES</b>\n<--snip\u2014-></pre><br>"}], "value": "To manually fix the issue on a vulnerable system determined by following the steps depicted in the Determining a vulnerable device 
https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-2 \u00a0section, run the following commands to enable the encryption of the virtual disks. The FQDD of the RAID controller(s) and virtual disks will be needed for this mitigation. See the Preliminary steps https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-3 \u00a0section on how to retrieve them. Note as the security key was set before on this vulnerable system, it is not needed to set it again here. Please see the Caveats https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-4 \u00a0section for more information.\n\nGenerally, the overall process takes up to 10 minutes. The performance of a running system is not expected to degrade when the following steps are carried out.\n\n * Encrypt all virtual disks that belong to the RAID controller by running the following command for each of them:\nracadm storage encryptvd:<virtual drive FQDD>\n\n\u00a0\n\n\n * Create the job for the RAID controller and monitor its progress:\nracadm jobqueue create <RAID controller FQDD> --realtime\n\n\u00a0\n\nThis command must return the scheduled configuration job ID in its output. Look for Commit JID = JID_xxxxx in the output.\nThen check the status of this job with racadm jobqueue view -i <jobId>. 
It will take up to 10 minutes to complete.\u00a0\n\n\n * After the job is complete, run the following command to see if all the virtual disks are encrypted.\nracadm storage get vdisks --refkey <RAID controller FQDD> -o\n\nThe output should show\u00a0Secured = YES\u00a0against each one of them.\n\n\nThe following is an example of the aforementioned steps.\n\n[root@cv ~]# racadm storage encryptvd:Disk.Virtual.238:RAID.SL.3-1\nSTOR094 : The storage configuration operation is successfully completed\nand the change is in pending state.\n<--snip\u2014->\n \n[root@cv ~]# racadm jobqueue create RAID.SL.3-1 --realtime\nRAC1024: Successfully scheduled a job.\nVerify the job status using \"racadm jobqueue view -i JID_xxxxx\" command.\nCommit JID = JID_218438865303\n \n[root@cv ~]# racadm jobqueue view -i JID_218438865303\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\nStatus=Running\n<--snip\u2014->\nPercent Complete=[1]\n \n[root@cv ~]# racadm jobqueue view -i JID_218438865303\n---------------------------- JOB -------------------------\n[Job ID=JID_218438865303]\nJob Name=Configure: RAID.SL.3-1\nStatus=Completed\n<--snip\u2014->\nPercent Complete=[100]\n \n[root@cv ~]# racadm storage get vdisks --refkey RAID.SL.3-1 -o\n \nDisk.Virtual.238:RAID.SL.3-1\n\u00a0 \u00a0Status \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Ok\n\u00a0 \u00a0DeviceDescription \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Virtual Disk 238 on RAID Controller in SL 3\n\u00a0 \u00a0Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = os\n<--snip\u2014->\n\u00a0 \u00a0Secured \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = YES\n<--snip\u2014->\n\u00a0 \u00a0\nDisk.Virtual.239:RAID.SL.3-1\n\u00a0 \u00a0Status \u00a0 \u00a0 \u00a0 \u00a0 
\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Ok\n\u00a0 \u00a0DeviceDescription \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = Virtual Disk 239 on RAID Controller in SL 3\n\u00a0 \u00a0Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = data\n<--snip\u2014->\n\u00a0 \u00a0Secured \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 = YES\n<--snip\u2014->"}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-13T15:01:00.479223Z", "id": "CVE-2024-7142", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T15:01:15.191Z"}}]}}