Command Injection Vulnerability in Arista NG Firewall
CVE-2024-12829

8.8HIGH

Key Information:

Vendor: Arista Networks
Status: Ng Firewall
Vendor: CVE Published:; 20 December 2024

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2024-12829?

CVE-2024-12829 identifies a command injection vulnerability within the Arista NG Firewall's ExecManagerImpl class. This security flaw allows authenticated remote attackers to execute arbitrary code with root privileges by exploiting insufficient validation of user-supplied input in system calls. Given the critical nature of this vulnerability, timely updates and patches are essential to prevent potential exploitation by malicious actors. For detailed information on the vulnerability, refer to the ZDI advisory ZDI-24-1717.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1717/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2024