Cyber Resilience

CVE-2024-12830

High

Published: 20 December 2024

Published
20 December 2024
Modified
03 January 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0416 88.9th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12830 is a high-severity Path Traversal (CWE-22) vulnerability in Arista Ng Firewall. Its CVSS base score is 7.3 (High).

Operationally, ranked in the top 11.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

Arista NG Firewall contains a directory traversal vulnerability in the custom_handler method that permits remote code execution. The flaw stems from insufficient validation of user-supplied paths before they are used in file operations, allowing an unauthenticated attacker to write or execute files under the www-data user context. The issue was originally tracked as ZDI-CAN-24019 and carries a CVSS 3.1 base score of 7.3 with CWE-22.

Remote attackers can exploit the vulnerability over the network without authentication or user interaction to achieve arbitrary code execution on affected Arista NG Firewall installations. Successful exploitation grants the attacker the ability to run commands in the context of the web server process, potentially leading to further system compromise.

The single referenced advisory from the Zero Day Initiative provides technical details on the flaw but does not include explicit mitigation steps in the supplied information. The associated EPSS score reached a modest peak of 0.0538 before receding to its current value of 0.0416, indicating limited post-disclosure exploitation interest.

EU & UK References

Vulnerability details

Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

more

implementation of the custom_handler method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-24019.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

arista
ng firewall
17.1.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References