Cyber Resilience

CVE-2024-47520

High

Published: 10 January 2025
Modified: 29 September 2025
KEV Added: not listed
Patch: see the Arista advisory referenced below
CVSS Score (v3.1): 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L)
EPSS Score: 0.0016 (37.3rd percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-47520 is a high-severity Improper Isolation or Compartmentalization (CWE-653) vulnerability in Arista NG Firewall (versions up to and including 17.1.1, per the affected-asset entry below): a user granted advanced report application access rights can perform actions that this right should not permit. Its CVSS v3.1 base score is 7.6 (High).

Operationally, exploitation maps (with medium confidence) to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 37.3rd percentile by exploit likelihood, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-24 (Access Control Decisions).

Deeper analysis

CVE-2024-47520 is an authorization flaw classified as CWE-653 (Improper Isolation or Compartmentalization) in Arista NG Firewall: a user who has been granted advanced report application access rights can perform actions for which that right should not suffice, i.e. the report application is not adequately compartmentalized from functions outside its remit. It carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L), rated High because of its high impact on confidentiality and integrity.

The vector describes an attacker who is network-reachable, authenticated and low-privileged (PR:L), with low attack complexity but a requirement for user interaction (UI:R). "Low-privileged" is CVSS shorthand here: the attacker must already hold the advanced report access right, so the realistic attacker population is the set of accounts granted that role, and a second user's action is needed for the attack to complete. Successful exploitation yields high confidentiality and integrity impact with low availability impact, all within the vulnerable component itself (S:U): actions beyond the report role's intended permissions.

Arista's security advisory (https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105) provides details of patches and mitigations; consult it for the specific remediation steps, in particular for updating affected NG Firewall releases (≤ 17.1.1 per the affected-asset entry below). Until that is done, reviewing which accounts hold the advanced report access right is the cheapest way to bound exposure, since that right is the precondition the vector encodes as PR:L.

Vulnerability details

A user with advanced report application access rights can perform actions for which they are not authorized

CWE(s)

CWE-653 Improper Isolation or Compartmentalization

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Authorization bypass (CWE-653) directly enables actions outside the report role's grant, which maps to exploitation for privilege escalation within the report application. The fit is approximate: T1068 is usually applied to OS- or service-level escalation via software exploits, whereas this is an application-level authorization flaw, which is why the mapping carries medium rather than high confidence.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-9134 (same product: Arista NG Firewall)
CVE-2024-47518 (same product: Arista NG Firewall)
CVE-2024-47519 (same product: Arista NG Firewall)
CVE-2024-9132 (same product: Arista NG Firewall)
CVE-2024-9188 (same product: Arista NG Firewall)
CVE-2024-9131 (same product: Arista NG Firewall)
CVE-2026-40968 (shared CWE-653)
CVE-2026-4282 (shared CWE-653)
CVE-2024-0135 (shared CWE-653)
CVE-2026-31431 (same vendor: Arista)

Affected Assets

Vendor: arista
Product: ng firewall
Versions: ≤ 17.1.1

Mitigating Controls (NIST 800-53 r5) (AI)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations for logical access, directly preventing users from performing unauthorized actions despite having advanced report access rights.

AC-6 Least Privilege (prevent)

Applies least privilege to limit users to only the permissions they need, reducing the scope of unauthorized actions reachable through the authorization flaw.

AC-24 Access Control Decisions (prevent)

Ensures access control decisions are explicitly defined and reviewed, addressing the flawed authorization logic that lets report users perform unintended actions.
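To make the CWE-653 pattern and the three controls concrete, the following Python is an added illustration (not Arista NG Firewall code, and not a reproduction of the real flaw's mechanics; the role names, action names, handlers and service classes are all hypothetical). The vulnerable service gates only on "has the reporting role" and then dispatches any action in a table that it shares with administrative functions; the hardened service writes the decision down per action (AC-24), enforces it on every call (AC-3) and grants the reporting role nothing beyond report actions (AC-6).

```python
"""Illustrative CWE-653 pattern: a report sub-application sharing one dispatcher
with administrative actions, guarded only by a coarse role check. Added example;
not Arista NG Firewall code. All role, action and handler names are hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set


class AuthorizationError(PermissionError):
    """Raised when a caller lacks the permission for the requested action."""


@dataclass
class User:
    name: str
    roles: Set[str] = field(default_factory=set)


# Hypothetical backend handlers. Reporting and administrative functions sit
# behind the same action table, which is the missing compartmentalisation.
def run_report(user: User, arg: Optional[str]) -> str:
    return f"report:{arg}"


def export_report(user: User, arg: Optional[str]) -> str:
    return f"export:{arg}"


def change_admin_password(user: User, arg: Optional[str]) -> str:
    return f"password-changed:{arg}"


def reboot_appliance(user: User, arg: Optional[str]) -> str:
    return "reboot"


ACTIONS: Dict[str, Callable[[User, Optional[str]], str]] = {
    "run_report": run_report,
    "export_report": export_report,
    "change_admin_password": change_admin_password,
    "reboot_appliance": reboot_appliance,
}


class VulnerableReportService:
    """One gate at the entry point, then any action the table knows about:
    a holder of the reporting role can reach administrative handlers."""

    def dispatch(self, user: User, action: str, arg: Optional[str] = None) -> str:
        if "advanced_reports" not in user.roles:
            raise AuthorizationError(f"{user.name} lacks report access")
        return ACTIONS[action](user, arg)  # no per-action authorization


# AC-24: the access-control decision is recorded per action rather than implied
# by reaching the endpoint. AC-6: the reporting role gets only report actions.
PERMISSIONS: Dict[str, Set[str]] = {
    "run_report": {"advanced_reports", "admin"},
    "export_report": {"advanced_reports", "admin"},
    "change_admin_password": {"admin"},
    "reboot_appliance": {"admin"},
}


class HardenedReportService:
    """AC-3: every dispatch is checked against PERMISSIONS; unknown actions are denied."""

    def dispatch(self, user: User, action: str, arg: Optional[str] = None) -> str:
        allowed = PERMISSIONS.get(action)
        if allowed is None:
            raise AuthorizationError(f"unknown action {action!r}")  # deny by default
        if user.roles.isdisjoint(allowed):
            raise AuthorizationError(f"{user.name} may not {action}")
        return ACTIONS[action](user, arg)


def reachable_actions(user: User) -> Set[str]:
    """Review helper for AC-24/AC-6: the actions a user can reach under PERMISSIONS."""
    return {a for a, roles in PERMISSIONS.items() if not user.roles.isdisjoint(roles)}


def demo() -> Dict[str, str]:
    """Run the same report-only user against both services."""
    analyst = User("analyst", {"advanced_reports"})
    vulnerable, hardened = VulnerableReportService(), HardenedReportService()
    out: Dict[str, str] = {}
    out["vulnerable_report"] = vulnerable.dispatch(analyst, "run_report", "traffic")
    # The coarse gate passes, so an administrative action succeeds: CWE-653.
    out["vulnerable_admin"] = vulnerable.dispatch(analyst, "change_admin_password", "hunter2")
    out["hardened_report"] = hardened.dispatch(analyst, "run_report", "traffic")
    try:
        hardened.dispatch(analyst, "change_admin_password", "hunter2")
        out["hardened_admin"] = "allowed"
    except AuthorizationError:
        out["hardened_admin"] = "denied"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The review helper is the part a practitioner would actually run during triage: listing what each role can reach makes an over-broad grant visible before an attacker does, and the deny-by-default branch for unknown actions closes the usual gap where a new handler is added to the table without an accompanying permission entry.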

References

Arista Security Advisory 0105: https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105