cve-2024-9134
Vulnerability from cvelistv5
Published: 2025-01-10 21:44
Modified: 2025-01-13 20:14
Summary
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
Impacted products
Vendor: Arista Networks
Product: Arista Edge Threat Management
Version: 17.1.0 <


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9134",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-13T20:13:52.238229Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-13T20:14:00.556Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Arista Edge Threat Management",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "17.1.1",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIf the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Reports application.\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-4.png\"\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe above picture shows the configuration panel for user access. The \u201c\u003ca target=\"_blank\" rel=\"nofollow\"\u003ereportuser@domain.com\u003c/a\u003e\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.\u003c/p\u003e\u003ch4\u003eIndicators of Compromise\u003c/h4\u003e\u003cp\u003eAny compromise will reveal itself via the postgres user running a non-standard postgres process. \u0026nbsp;\u003c/p\u003e\u003cp\u003eFor example, an appropriate process list for running the postgres database will look like:\u003c/p\u003e\u003cpre\u003e# ps -u postgres -f\nUID \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; PID \u0026nbsp; PPID  C STIME TTY  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; TIME CMD\npostgres  94057  \u0026nbsp; \u0026nbsp; 1  0 Feb06 ?  \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres  94063  94057  0 Feb06 ?  \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:02 postgres: 13/main: checkpointer\npostgres  94064  94057  0 Feb06 ?  \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 postgres: 13/main: background writer\npostgres  94065  94057  0 Feb06 ?  \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:12 postgres: 13/main: walwriter\npostgres  94066  94057  0 Feb06 ?  
\u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 postgres: 13/main: autovacuum launcher\npostgres  94067  94057  0 Feb06 ?  \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:01 postgres: 13/main: stats collector\npostgres  94068  94057  0 Feb06 ?  \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 postgres: 13/main: logical replication launcher\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eAdditional processes run by the postgres user indicating a potential compromise may look like:\u003c/p\u003e\u003cpre\u003epostgres 100172 100171  0 Feb06 pts/2  \u0026nbsp; 00:00:00 bash\u003c/pre\u003e\u003cbr\u003e"
            }
          ],
          "value": "If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n  *  As the NGFW administrator, log into the UI and navigate to the Reports application.\n\n\nThe above picture shows the configuration panel for user access. The \u201creportuser@domain.com\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.\n\nIndicators of CompromiseAny compromise will reveal itself via the postgres user running a non-standard postgres process. \u00a0\n\nFor example, an appropriate process list for running the postgres database will look like:\n\n# ps -u postgres -f\nUID \u00a0 \u00a0 \u00a0 \u00a0 PID \u00a0 PPID  C STIME TTY  \u00a0 \u00a0 \u00a0 \u00a0 TIME CMD\npostgres  94057  \u00a0 \u00a0 1  0 Feb06 ?  \u00a0 \u00a0 \u00a0 00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres  94063  94057  0 Feb06 ?  \u00a0 \u00a0 \u00a0 00:00:02 postgres: 13/main: checkpointer\npostgres  94064  94057  0 Feb06 ?  \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: background writer\npostgres  94065  94057  0 Feb06 ?  \u00a0 \u00a0 \u00a0 00:00:12 postgres: 13/main: walwriter\npostgres  94066  94057  0 Feb06 ?  \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: autovacuum launcher\npostgres  94067  94057  0 Feb06 ?  \u00a0 \u00a0 \u00a0 00:00:01 postgres: 13/main: stats collector\npostgres  94068  94057  0 Feb06 ?  \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: logical replication launcher\n\n\n\u00a0\n\nAdditional processes run by the postgres user indicating a potential compromise may look like:\n\npostgres 100172 100171  0 Feb06 pts/2  \u00a0 00:00:00 bash"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mehmet INCE from PRODAFT.com"
        }
      ],
      "datePublic": "2024-10-29T20:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMultiple SQL Injection vulnerabilities exist in the reporting application.  A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Multiple SQL Injection vulnerabilities exist in the reporting application.  A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-10T21:44:17.415Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eThe recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\u003c/div\u003e\u003cul\u003e\u003cli\u003e17.2 Upgrade\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n  *  17.2 Upgrade"
        }
      ],
      "source": {
        "advisory": "105",
        "defect": [
          "NGFW-14721"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Multiple SQL Injection vulnerabilities exist in the reporting application.  A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFor the Reports application, for all Reports Users, disable \u003ci\u003eOnline Access.\u003c/i\u003e\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-5.png\"\u003e\u003c/p\u003e\u003cdiv\u003eTo do this:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and go to the Reports application.\u003c/li\u003e\u003cli\u003eFor all users with the \u003ci\u003eOnline Access\u003c/i\u003e\u0026nbsp;checkbox (red box) enabled, uncheck it.\u003c/li\u003e\u003cli\u003eClick Save.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
            }
          ],
          "value": "For the Reports application, for all Reports Users, disable Online Access.\n\n\n\nTo do this:\n\n  *  As the NGFW administrator, log into the UI and go to the Reports application.\n  *  For all users with the Online Access\u00a0checkbox (red box) enabled, uncheck it.\n  *  Click Save."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2024-9134",
    "datePublished": "2025-01-10T21:44:17.415Z",
    "dateReserved": "2024-09-23T22:01:04.566Z",
    "dateUpdated": "2025-01-13T20:14:00.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-9134\",\"sourceIdentifier\":\"psirt@arista.com\",\"published\":\"2025-01-10T22:15:27.033\",\"lastModified\":\"2025-01-10T22:15:27.033\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple SQL Injection vulnerabilities exist in the reporting application.  A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105\",\"source\":\"psirt@arista.com\"}]}}"
  }
}

