Arista Networks Arista Edge Threat Management vulnerabilities
9 known vulnerabilities affecting arista_networks/arista_edge_threat_management.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH6MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-9134P3HIGHCVSS 8.3≥ 17.1.0, ≤ 17.1.12025-01-10
CVE-2024-9134 [HIGH] CWE-89 CVE-2024-9134: Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced rep
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
nvd
CVE-2024-9131P3HIGHCVSS 7.2≥ 17.1.0, ≤ 17.1.12025-01-10
CVE-2024-9131 [HIGH] CWE-88 CVE-2024-9131: A user with administrator privileges can perform command injection
A user with administrator privileges can perform command injection
nvd
CVE-2024-9132P3CRITICALCVSS 9.8≥ 17.1.0, ≤ 17.1.12025-01-10
CVE-2024-9132 [CRITICAL] CWE-94 CVE-2024-9132: The administrator is able to configure an insecure captive portal script
The administrator is able to configure an insecure captive portal script
nvd
CVE-2024-47518P3HIGHCVSS 7.6≥ 17.1.0, ≤ 17.1.12025-01-10
CVE-2024-47518 [HIGH] CWE-552 CVE-2024-47518: Specially constructed queries targeting ETM could discover active remote access sessions
Specially constructed queries targeting ETM could discover active remote access sessions
nvd
CVE-2024-9188P3HIGHCVSS 8.8≥ 17.1.0, ≤ 17.1.12025-01-10
CVE-2024-9188 [HIGH] CWE-79 CVE-2024-9188: Specially constructed queries cause cross platform scripting leaking administrator tokens
Specially constructed queries cause cross platform scripting leaking administrator tokens
nvd
CVE-2024-47520P3HIGHCVSS 7.6≥ 17.1.0, ≤ 17.1.12025-01-10
CVE-2024-47520 [HIGH] CWE-653 CVE-2024-47520: A user with advanced report application access rights can perform actions for which they are not aut
A user with advanced report application access rights can perform actions for which they are not authorized
nvd
CVE-2024-47517P3MEDIUMCVSS 6.8≥ 17.1.0, ≤ 17.1.12025-01-10
CVE-2024-47517 [MEDIUM] CWE-1230 CVE-2024-47517: Expired and unusable administrator authentication tokens can be revealed by units that have timed ou
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
nvd
CVE-2024-47519P4HIGHCVSS 7.1≥ 17.1.0, ≤ 17.1.12025-01-10
CVE-2024-47519 [HIGH] CWE-322 CVE-2024-47519: Backup uploads to ETM subject to man-in-the-middle interception
Backup uploads to ETM subject to man-in-the-middle interception
nvd
CVE-2024-9133P4MEDIUMCVSS 5.6≥ 17.1.0, ≤ 17.1.12025-01-10
CVE-2024-9133 [MEDIUM] CWE-287 CVE-2024-9133: A user with administrator privileges is able to retrieve authentication tokens
A user with administrator privileges is able to retrieve authentication tokens
nvd