Cyber Resilience

CVE-2024-47519

High

Published: 10 January 2025

Published
10 January 2025
Modified
29 September 2025
KEV Added
Patch
CVSS Score v3.1 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS Score 0.0011 28.6th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47519 is a high-severity Key Exchange without Entity Authentication (CWE-322) vulnerability in Arista Ng Firewall. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 28.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2024-47519 is a vulnerability where backup uploads to ETM are subject to man-in-the-middle (MITM) interception, assigned CWE-322 (Key Exchange without Entity Authentication). It affects Arista products, as detailed in the vendor's security advisory. The vulnerability received a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and limited availability.

An attacker with low privileges (such as an authenticated user) and network access can exploit this vulnerability remotely without user interaction. By performing a MITM attack on backup uploads to ETM, the attacker can intercept sensitive backup data (high confidentiality impact), modify it (high integrity impact), and potentially cause limited disruption (low availability impact).

Arista's security advisory (https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105) provides details on mitigations and patches for addressing this issue.

EU & UK References

Vulnerability details

Backup uploads to ETM subject to man-in-the-middle interception

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Explicit MITM interception due to unauthenticated key exchange on backup uploads directly enables Adversary-in-the-Middle.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-9134Same product: Arista Ng Firewall
CVE-2024-47518Same product: Arista Ng Firewall
CVE-2024-9188Same product: Arista Ng Firewall
CVE-2024-9132Same product: Arista Ng Firewall
CVE-2024-47520Same product: Arista Ng Firewall
CVE-2024-9131Same product: Arista Ng Firewall
CVE-2025-62501Shared CWE-322
CVE-2026-45361Shared CWE-322
CVE-2025-13914Shared CWE-322
CVE-2026-1709Shared CWE-322

Affected Assets

arista
ng firewall
≤ 17.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires cryptographic mechanisms to protect the confidentiality and integrity of information during transmission, directly preventing MITM interception and modification of backup uploads to ETM.

prevent

Implements mechanisms to ensure the authenticity of communications sessions, mitigating key exchange without entity authentication that enables MITM attacks.

prevent

Establishes and manages cryptographic keys according to defined requirements, addressing weaknesses in key exchange processes vulnerable to MITM exploitation.

References