CVE-2024-47518
Published: 10 January 2025
Summary
CVE-2024-47518 is a medium-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability in Arista Ng Firewall. Its CVSS base score is 6.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Network Connections Discovery (T1049); ranked at the 23.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-47518 is a vulnerability (CWE-552) in ETM that allows specially constructed queries to discover active remote access sessions. It affects Arista software components, as detailed in the vendor's security advisory. The issue carries a CVSS v3.1 base score of 6.4 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L), indicating medium severity with primary impact on confidentiality.
An attacker with low privileges (PR:L) and network access (AV:N) can exploit this vulnerability, though it requires high attack complexity (AC:H) with no user interaction needed. Successful exploitation enables discovery of active remote access sessions, granting high confidentiality impact (C:H), along with low integrity (I:L) and availability (A:L) effects, potentially exposing sensitive session details.
Arista's security advisory (https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105) provides mitigation guidance and patch information for affected systems. Security practitioners should consult this advisory for upgrade paths and workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42721
Vulnerability details
Specially constructed queries targeting ETM could discover active remote access sessions
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables authenticated queries to enumerate active remote access sessions, directly facilitating network connection/session discovery on the target system.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces approved authorizations to prevent low-privileged users from accessing sensitive remote access session information via specially constructed queries.
Validates inputs from specially constructed queries targeting ETM to block exploitation and discovery of active remote access sessions.
Filters query outputs to prevent unauthorized disclosure of active remote access session details.