CVE-2024-9131

High

Published: 10 January 2025

Published

10 January 2025

Modified

29 September 2025

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0034 56.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9131 is a high-severity Argument Injection (CWE-88) vulnerability in Arista Ng Firewall. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 43.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Device CLI (T1059.008). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly mitigates command injection by validating all information inputs to prevent malicious command execution.

SI-2 Flaw Remediation good match

prevent

Addresses the specific vulnerability by requiring timely remediation through vendor patches as detailed in the Arista advisory.

AC-6 Least Privilege partial match

prevent

Limits the number of users with administrator privileges required for exploitation, reducing the attack surface.

MITRE ATT&CK Enterprise TechniquesAI

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

Why these techniques?

Command injection (CWE-88) in Arista network device management interface directly enables arbitrary command execution via the Network Device CLI.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A user with administrator privileges can perform command injection

Deeper analysisAI

CVE-2024-9131 is a command injection vulnerability (CWE-88) that affects Arista products. Published on 2025-01-10, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The flaw enables a user with administrator privileges to perform command injection.

An attacker requires administrator privileges (PR:H) to exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation results in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U), potentially allowing full system compromise.

The Arista Security Advisory provides details on mitigation: https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105.