CVE-2024-27889 (GCVE-0-2024-27889)
Vulnerability from cvelistv5
Published
2024-03-04 19:32
Modified
2024-08-02 00:41
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
References
Impacted products
Vendor Product Version
Arista Networks Arista Edge Threat Management - Arista NG Firewall (NGFW) Version: 0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27889",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T16:07:39.878688Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:15.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:41:55.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Arista Edge Threat Management - Arista NG Firewall (NGFW)",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "17.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\n"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Arista would like to acknowledge and thank Gereon Huppertz, working with Trend Micro\u0027s Zero Day Initiative for responsibly reporting CVE-2024-27889"
        }
      ],
      "datePublic": "2024-02-28T19:24:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMultiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Arista is not aware of any exploitation of this vulnerability in customer networks."
            }
          ],
          "value": "Arista is not aware of any exploitation of this vulnerability in customer networks."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-108",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-108 Command Line Execution through SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-04T19:32:33.109Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to the version indicated below and apply the hotfix at your earliest convenience.\u003c/p\u003e\u003cul\u003e\u003cli\u003e17.1 Upgrade\u003c/li\u003e\u003cli\u003e17.0 (requires Hotfix)\u003cbr\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eTo resolve click the following link for instructions to either upgrading or apply a hotfix patch:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wiki.edge.arista.com/index.php/Patch_-_Report_vulnerability\"\u003eClick here for the hotfix and instructions on resolving this issue\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to the version indicated below and apply the hotfix at your earliest convenience.\n\n  *  17.1 Upgrade\n  *  17.0 (requires Hotfix)\n\u00a0\n\nTo resolve click the following link for instructions to either upgrading or apply a hotfix patch:\n Click here for the hotfix and instructions on resolving this issue https://wiki.edge.arista.com/index.php/Patch_-_Report_vulnerability \n\n\n"
        }
      ],
      "source": {
        "advisory": "93",
        "defect": [
          "NGFW-14509"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW).",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFor the Reports application, for all Reports Users, disable \u003c/span\u003e\u003ci\u003eOnline Access.\u003cbr\u003e\u003cp\u003eTo do this:\u003c/p\u003e\u003cp\u003e\u003cb\u003e2.\u003c/b\u003e\u0026nbsp;As the NGFW administrator, log into the UI and go to the Reports application.\u003c/p\u003e\u003cp\u003e\u003cb\u003e3.\u003c/b\u003e\u0026nbsp;For all users with the Online Access checkbox (red box) enabled, uncheck it.\u003c/p\u003e\u003cp\u003e\u003cb\u003e4.\u003c/b\u003e\u0026nbsp;Click Save.\u003c/p\u003e\u003cbr\u003e\u003c/i\u003e\u003cbr\u003e"
            }
          ],
          "value": "For the Reports application, for all Reports Users, disable Online Access.\nTo do this:\n\n2.\u00a0As the NGFW administrator, log into the UI and go to the Reports application.\n\n3.\u00a0For all users with the Online Access checkbox (red box) enabled, uncheck it.\n\n4.\u00a0Click Save.\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2024-27889",
    "datePublished": "2024-03-04T19:32:33.109Z",
    "dateReserved": "2024-02-26T18:06:32.160Z",
    "dateUpdated": "2024-08-02T00:41:55.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27889\",\"sourceIdentifier\":\"psirt@arista.com\",\"published\":\"2024-03-04T20:15:50.503\",\"lastModified\":\"2025-10-22T13:49:56.060\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.\\n\"},{\"lang\":\"es\",\"value\":\"Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la aplicaci\u00f3n de informes de Arista Edge Threat Management - Arista NG Firewall (NGFW). Un usuario con derechos avanzados de acceso a la aplicaci\u00f3n de informes puede aprovechar la inyecci\u00f3n SQL, permiti\u00e9ndole ejecutar comandos en el sistema operativo subyacente con privilegios elevados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arista:ng_firewall:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.0\",\"matchCriteriaId\":\"9C21E505-FB54-4C13-8653-F078F62601F9\"}]}]}],\"references\":[{\"url\":\"https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093\",\"source\":\"psirt@arista.com\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]},{\"url\":\"https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\",\"Broken Link\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:41:55.605Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-27889\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-05T16:07:39.878688Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:15.342Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW).\", \"source\": {\"defect\": [\"NGFW-14509\"], \"advisory\": \"93\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Arista would like to acknowledge and thank Gereon Huppertz, working with Trend Micro\u0027s Zero Day Initiative for responsibly reporting CVE-2024-27889\"}], \"impacts\": [{\"capecId\": \"CAPEC-108\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-108 Command Line Execution through SQL Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Arista Networks\", \"product\": \"Arista Edge Threat Management - Arista NG Firewall (NGFW)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"17.0\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Arista is not aware of any exploitation of this vulnerability in customer networks.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Arista is not aware of any exploitation of this vulnerability in customer networks.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The recommended resolution is to upgrade to the version indicated below and apply the hotfix at your earliest convenience.\\n\\n  *  17.1 Upgrade\\n  *  17.0 (requires Hotfix)\\n\\u00a0\\n\\nTo resolve click the following link for instructions to either upgrading or apply a hotfix patch:\\n Click here for the hotfix and instructions on resolving this issue https://wiki.edge.arista.com/index.php/Patch_-_Report_vulnerability \\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe recommended resolution is to upgrade to the version indicated below and apply the hotfix at your earliest convenience.\u003c/p\u003e\u003cul\u003e\u003cli\u003e17.1 Upgrade\u003c/li\u003e\u003cli\u003e17.0 (requires Hotfix)\u003cbr\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eTo resolve click the following link for instructions to either upgrading or apply a hotfix patch:\u003cbr\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://wiki.edge.arista.com/index.php/Patch_-_Report_vulnerability\\\"\u003eClick here for the hotfix and instructions on resolving this issue\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-02-28T19:24:00.000Z\", \"references\": [{\"url\": \"https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"For the Reports application, for all Reports Users, disable Online Access.\\nTo do this:\\n\\n2.\\u00a0As the NGFW administrator, log into the UI and go to the Reports application.\\n\\n3.\\u00a0For all users with the Online Access checkbox (red box) enabled, uncheck it.\\n\\n4.\\u00a0Click Save.\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eFor the Reports application, for all Reports Users, disable \u003c/span\u003e\u003ci\u003eOnline Access.\u003cbr\u003e\u003cp\u003eTo do this:\u003c/p\u003e\u003cp\u003e\u003cb\u003e2.\u003c/b\u003e\u0026nbsp;As the NGFW administrator, log into the UI and go to the Reports application.\u003c/p\u003e\u003cp\u003e\u003cb\u003e3.\u003c/b\u003e\u0026nbsp;For all users with the Online Access checkbox (red box) enabled, uncheck it.\u003c/p\u003e\u003cp\u003e\u003cb\u003e4.\u003c/b\u003e\u0026nbsp;Click Save.\u003c/p\u003e\u003cbr\u003e\u003c/i\u003e\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eMultiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIf the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"shortName\": \"Arista\", \"dateUpdated\": \"2024-03-04T19:32:33.109Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-27889\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T00:41:55.605Z\", \"dateReserved\": \"2024-02-26T18:06:32.160Z\", \"assignerOrgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"datePublished\": \"2024-03-04T19:32:33.109Z\", \"assignerShortName\": \"Arista\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.