Cyber Posture

CVE-2024-47519

High

Published: 10 January 2025

Published
10 January 2025
Modified
29 September 2025
KEV Added
Patch
CVSS Score 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS Score 0.0008 23.3th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47519 is a high-severity Key Exchange without Entity Authentication (CWE-322) vulnerability in Arista Ng Firewall. Its CVSS base score is 8.3 (High).

Operationally, ranked at the 23.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-8 Transmission Confidentiality and Integrity good match
prevent

Requires cryptographic mechanisms to protect the confidentiality and integrity of information during transmission, directly preventing MITM interception and modification of backup uploads to ETM.

SC-23 Session Authenticity good match
prevent

Implements mechanisms to ensure the authenticity of communications sessions, mitigating key exchange without entity authentication that enables MITM attacks.

SC-12 Cryptographic Key Establishment and Management partial match
prevent

Establishes and manages cryptographic keys according to defined requirements, addressing weaknesses in key exchange processes vulnerable to MITM exploitation.

NVD Description

Backup uploads to ETM subject to man-in-the-middle interception

Deeper analysisAI

CVE-2024-47519 is a vulnerability where backup uploads to ETM are subject to man-in-the-middle (MITM) interception, assigned CWE-322 (Key Exchange without Entity Authentication). It affects Arista products, as detailed in the vendor's security advisory. The vulnerability received a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and limited availability.

An attacker with low privileges (such as an authenticated user) and network access can exploit this vulnerability remotely without user interaction. By performing a MITM attack on backup uploads to ETM, the attacker can intercept sensitive backup data (high confidentiality impact), modify it (high integrity impact), and potentially cause limited disruption (low availability impact).

Arista's security advisory (https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105) provides details on mitigations and patches for addressing this issue.

Details

CWE(s)
CWE-322

Affected Products

arista
ng firewall
≤ 17.1.1

CVEs Like This One

CVE-2024-9188Same product: Arista Ng Firewall
CVE-2024-9132Same product: Arista Ng Firewall
CVE-2024-9134Same product: Arista Ng Firewall
CVE-2024-47520Same product: Arista Ng Firewall
CVE-2024-47518Same product: Arista Ng Firewall
CVE-2024-9131Same product: Arista Ng Firewall
CVE-2025-13914Shared CWE-322
CVE-2025-62501Shared CWE-322
CVE-2026-1709Shared CWE-322
CVE-2026-33697Shared CWE-322

References