Arista NG Firewall (NGFW) Vulnerable to SQL Injection Attacks
CVE-2024-27889

8.8HIGH

Key Information:

Vendor: Arista Networks
Status: Arista Edge Threat Management - Arista Ng Firewall (ngfw)
Vendor: CVE Published:; 4 March 2024

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2024-27889?

The Arista NG Firewall (NGFW) is affected by multiple SQL Injection vulnerabilities within its reporting application. These vulnerabilities can be exploited by users with advanced access rights to manipulate queries and execute arbitrary commands on the underlying operating system, potentially gaining elevated privileges. This exploitation can lead to unauthorized access and control over sensitive systems and data.

Affected Version(s)

Arista Edge Threat Management - Arista NG Firewall (NGFW) 0 <= 17.0

References

https://https://www.arista.com/en/support/advisories-noti...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2024
Vulnerability Reserved
Feb 26, 2024

Credit

Arista would like to acknowledge and thank Gereon Huppertz, working with Trend Micro's Zero Day Initiative for responsibly reporting CVE-2024-27889