CVE-2024-9131
Published: 10 January 2025
Summary
CVE-2024-9131 is a high-severity Argument Injection (CWE-88) vulnerability in Arista Ng Firewall. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 39.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-9131 is a command injection vulnerability (CWE-88) that affects Arista products. Published on 2025-01-10, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The flaw enables a user with administrator privileges to perform command injection.
An attacker requires administrator privileges (PR:H) to exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation results in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U), potentially allowing full system compromise.
The Arista Security Advisory provides details on mitigation: https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50430
Vulnerability details
A user with administrator privileges can perform command injection
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection (CWE-88) in Arista network device management interface directly enables arbitrary command execution via the Network Device CLI.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates command injection by validating all information inputs to prevent malicious command execution.
Addresses the specific vulnerability by requiring timely remediation through vendor patches as detailed in the Arista advisory.
Limits the number of users with administrator privileges required for exploitation, reducing the attack surface.