Solution
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading, see CloudVision Appliance 350E-CV - Arista (https://www.arista.com/en/qsg-cva-350e-cv).

CVE-2024-7142 has been fixed in the following releases:

* CVA 6.0.7

If the user runs the cva disk encryption enable command in the aforementioned releases containing the fix, the disks will be properly encrypted. In addition, the upgrade from a vulnerable CVA version to the versions mentioned above will fix the issue automatically.

* If the key/password pair is found during the upgrade, the upgrade process will encrypt the disks properly. Just to be clear, if this upgrade process does not notice the corresponding key/password pair on the system, it will preserve the original intent of the user and will not encrypt the disks.
* If the user no longer wants to encrypt the disks even though they previously ran the cva disk encryption enable command on a vulnerable release, the cva disk encryption disable command must be run before the upgrade. This disable option will not be available on the new releases.
Workaround
To manually fix the issue on a vulnerable system, as determined by following the steps in the Determining a vulnerable device (https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-2) section, run the following commands to enable the encryption of the virtual disks. The FQDD of the RAID controller(s) and virtual disks will be needed for this mitigation. See the Preliminary steps (https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-3) section on how to retrieve them.

Note that because the security key was already set on this vulnerable system, it does not need to be set again here. Please see the Caveats (https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104#pageLink-4) section for more information.

Generally, the overall process takes up to 10 minutes. The performance of a running system is not expected to degrade when the following steps are carried out.

* Encrypt all virtual disks that belong to the RAID controller by running the following command for each of them:

    racadm storage encryptvd:<virtual drive FQDD>

* Create the job for the RAID controller and monitor its progress:

    racadm jobqueue create <RAID controller FQDD> --realtime

  This command must return the scheduled configuration job ID in its output. Look for Commit JID = JID_xxxxx in the output. Then check the status of this job with racadm jobqueue view -i <jobId>. It will take up to 10 minutes to complete.

* After the job is complete, run the following command to see if all the virtual disks are encrypted:

    racadm storage get vdisks --refkey <RAID controller FQDD> -o

  The output should show Secured = YES against each one of them.

The following is an example of the aforementioned steps.

```
[root@cv ~]# racadm storage encryptvd:Disk.Virtual.238:RAID.SL.3-1
STOR094 : The storage configuration operation is successfully completed and the change is in pending state.
<--snip—->
[root@cv ~]# racadm jobqueue create RAID.SL.3-1 --realtime
RAC1024: Successfully scheduled a job.
Verify the job status using "racadm jobqueue view -i JID_xxxxx" command.
Commit JID = JID_218438865303
[root@cv ~]# racadm jobqueue view -i JID_218438865303
---------------------------- JOB -------------------------
[Job ID=JID_218438865303]
Job Name=Configure: RAID.SL.3-1
Status=Running
<--snip—->
Percent Complete=[1]
[root@cv ~]# racadm jobqueue view -i JID_218438865303
---------------------------- JOB -------------------------
[Job ID=JID_218438865303]
Job Name=Configure: RAID.SL.3-1
Status=Completed
<--snip—->
Percent Complete=[100]
[root@cv ~]# racadm storage get vdisks --refkey RAID.SL.3-1 -o
Disk.Virtual.238:RAID.SL.3-1
Status = Ok
DeviceDescription = Virtual Disk 238 on RAID Controller in SL 3
Name = os
<--snip—->
Secured = YES
<--snip—->
Disk.Virtual.239:RAID.SL.3-1
Status = Ok
DeviceDescription = Virtual Disk 239 on RAID Controller in SL 3
Name = data
<--snip—->
Secured = YES
<--snip—->
```
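A check for the last step of the workaround, as an added example that is not part of the Arista advisory: it parses the output of racadm storage get vdisks and lists every virtual disk that is not reported as Secured = YES, failing closed when no disk record is parsed at all. The function names and the sample output (with one disk shown as Secured = NO) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Arista's code. Audits the text printed by
#   racadm storage get vdisks --refkey <RAID controller FQDD> -o
# Function names and the sample below are constructed for illustration.

# Print the FQDD of every virtual disk not reported as "Secured = YES".
# Exit status: 0 = all secured, 1 = at least one unsecured,
# 2 = no virtual disk records found (treated as a failure, not a pass).
unsecured_vdisks() {
    awk '
        function report() {
            if (disk != "" && secured != "YES") { print disk; bad++ }
        }
        { sub(/\r$/, "") }                      # tolerate CRLF captures
        NF == 1 && $1 ~ /^Disk\.Virtual\.[0-9]+:/ {
            report(); disk = $1; secured = ""; seen++; next
        }
        $1 == "Secured" && $2 == "=" { secured = toupper($3) }
        END { report(); if (!seen) exit 2; if (bad) exit 1 }
    '
}

# Extract the job ID from "racadm jobqueue create ... --realtime" output.
commit_jid() {
    sed -n 's/^.*Commit JID = \(JID_[0-9][0-9]*\).*$/\1/p'
}

# Constructed sample: disk 238 secured, disk 239 left unencrypted.
sample_vdisks() {
    cat <<'EOF'
Disk.Virtual.238:RAID.SL.3-1
   Status = Ok
   Name = os
   Secured = YES
Disk.Virtual.239:RAID.SL.3-1
   Status = Ok
   Name = data
   Secured = NO
EOF
}

if sample_vdisks | unsecured_vdisks; then
    echo "all virtual disks secured"
else
    echo "encryption incomplete (or no disks parsed)"
fi
```

On an appliance, pipe the real command's output into unsecured_vdisks and treat any non-zero exit status as "not verified".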
Mon, 13 Jan 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
Fri, 10 Jan 2025 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | |
| Title | On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | |
| Weaknesses | CWE-311 | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: Arista
Published:
Updated: 2025-01-13T15:01:15.191Z
Reserved: 2024-07-26T18:43:29.610Z
Link: CVE-2024-7142
Updated: 2025-01-13T15:01:07.956Z
Status : Received
Published: 2025-01-10T22:15:26.403
Modified: 2025-01-10T22:15:26.403
Link: CVE-2024-7142