Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-47520
PUBLISHED
More InfoOfficial Page
Assigner-Arista
Assigner Org ID-c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7
View Known Exploited Vulnerability (KEV) details
Published At-10 Jan, 2025 | 22:00
Updated At-13 Jan, 2025 | 20:11
Rejected At-
▼CVE Numbering Authority (CNA)
A user with advanced report application access rights can perform actions for which they are not authorized

A user with advanced report application access rights can perform actions for which they are not authorized

Affected Products
Vendor
Arista Networks, Inc.Arista Networks
Product
Arista Edge Threat Management
Default Status
unaffected
Versions
Affected
  • From 17.1.0 through 17.1.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-653CWE-653
Type: CWE
CWE ID: CWE-653
Description: CWE-653
Metrics
VersionBase scoreBase severityVector
3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
Solutions

The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience. * 17.2 Upgrade

Configurations

If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.   To access this information: * As the NGFW administrator, log into the UI and navigate to the Reports application. The above picture shows the configuration panel for user access. The “reportuser@domain.com” user has “Online Access” checked, which is required in order to be vulnerable.

Workarounds

For the Reports application, for all Reports Users, disable Online Access.   To do this: * As the NGFW administrator, log into the UI and go to the Reports application. * For all users with the Online Access checkbox (red box) enabled, uncheck it. * Click Save.

Exploits
Credits
finder
Mehmet INCE from PRODAFT.com
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105
N/A
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found