Cyber Resilience

CVE-2024-47518

MediumPublic PoC

Published: 10 January 2025

Published
10 January 2025
Modified
29 September 2025
KEV Added
Patch
CVSS Score v3.1 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS Score 0.0008 23.7th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47518 is a medium-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability in Arista Ng Firewall. Its CVSS base score is 6.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Network Connections Discovery (T1049); ranked at the 23.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-47518 is a vulnerability (CWE-552) in ETM that allows specially constructed queries to discover active remote access sessions. It affects Arista software components, as detailed in the vendor's security advisory. The issue carries a CVSS v3.1 base score of 6.4 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L), indicating medium severity with primary impact on confidentiality.

An attacker with low privileges (PR:L) and network access (AV:N) can exploit this vulnerability, though it requires high attack complexity (AC:H) with no user interaction needed. Successful exploitation enables discovery of active remote access sessions, granting high confidentiality impact (C:H), along with low integrity (I:L) and availability (A:L) effects, potentially exposing sensitive session details.

Arista's security advisory (https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105) provides mitigation guidance and patch information for affected systems. Security practitioners should consult this advisory for upgrade paths and workarounds.

EU & UK References

Vulnerability details

Specially constructed queries targeting ETM could discover active remote access sessions

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1049 System Network Connections Discovery Discovery
Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network.
Why these techniques?

Vulnerability enables authenticated queries to enumerate active remote access sessions, directly facilitating network connection/session discovery on the target system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-9134Same product: Arista Ng Firewall
CVE-2024-9188Same product: Arista Ng Firewall
CVE-2024-47520Same product: Arista Ng Firewall
CVE-2024-47519Same product: Arista Ng Firewall
CVE-2024-9132Same product: Arista Ng Firewall
CVE-2024-9131Same product: Arista Ng Firewall
CVE-2026-2330Shared CWE-552
CVE-2024-48864Shared CWE-552
CVE-2019-25709Shared CWE-552
CVE-2024-12917Shared CWE-552

Affected Assets

arista
ng firewall
≤ 17.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations to prevent low-privileged users from accessing sensitive remote access session information via specially constructed queries.

prevent

Validates inputs from specially constructed queries targeting ETM to block exploitation and discovery of active remote access sessions.

prevent

Filters query outputs to prevent unauthorized disclosure of active remote access session details.

References