CVE-2024-47519
Published: 10 January 2025
Summary
CVE-2024-47519 is a high-severity Key Exchange without Entity Authentication (CWE-322) vulnerability in Arista Ng Firewall. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 28.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
CVE-2024-47519 is a vulnerability where backup uploads to ETM are subject to man-in-the-middle (MITM) interception, assigned CWE-322 (Key Exchange without Entity Authentication). It affects Arista products, as detailed in the vendor's security advisory. The vulnerability received a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and limited availability.
An attacker with low privileges (such as an authenticated user) and network access can exploit this vulnerability remotely without user interaction. By performing a MITM attack on backup uploads to ETM, the attacker can intercept sensitive backup data (high confidentiality impact), modify it (high integrity impact), and potentially cause limited disruption (low availability impact).
Arista's security advisory (https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105) provides details on mitigations and patches for addressing this issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42723
Vulnerability details
Backup uploads to ETM subject to man-in-the-middle interception
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Explicit MITM interception due to unauthenticated key exchange on backup uploads directly enables Adversary-in-the-Middle.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires cryptographic mechanisms to protect the confidentiality and integrity of information during transmission, directly preventing MITM interception and modification of backup uploads to ETM.
Implements mechanisms to ensure the authenticity of communications sessions, mitigating key exchange without entity authentication that enables MITM attacks.
Establishes and manages cryptographic keys according to defined requirements, addressing weaknesses in key exchange processes vulnerable to MITM exploitation.