Lucene search

K
cvelistAristaCVELIST:CVE-2024-27889
HistoryMar 04, 2024 - 7:32 p.m.

CVE-2024-27889 Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW).

2024-03-0419:32:33
CWE-89
Arista
www.cve.org
3
cve-2024-27889
sql injection
arista edge threat management
reporting application
operating system
elevated privileges

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

28.8%

Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Arista Edge Threat Management - Arista NG Firewall (NGFW)",
    "vendor": "Arista Networks",
    "versions": [
      {
        "lessThanOrEqual": "17.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

28.8%

Related for CVELIST:CVE-2024-27889