CVE-2024-9132
Published: 10 January 2025
Summary
CVE-2024-9132 is a high-severity Code Injection (CWE-94) vulnerability in Arista Ng Firewall. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-9132 is a high-severity vulnerability (CVSS 8.1, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) classified under CWE-94 (code injection), affecting Arista Networks software. It stems from the ability of administrators to configure an insecure captive portal script, potentially enabling arbitrary code execution.
Remote attackers with network access can exploit this vulnerability, requiring high attack complexity but no privileges or user interaction. Successful exploitation grants high-impact confidentiality, integrity, and availability effects, allowing attackers to inject and execute malicious code through the misconfigured captive portal script.
Arista has issued Security Advisory-0105, available at https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105, which provides details on affected versions and recommended mitigations or patches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50431
Vulnerability details
The administrator is able to configure an insecure captive portal script
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote code injection via misconfigured public-facing captive portal script enables arbitrary code execution (T1059) and exploitation of public-facing application (T1190).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CWE-94 code injection by requiring validation of administrator inputs for captive portal scripts to prevent arbitrary code execution.
Enforces secure configuration settings that prohibit insecure captive portal scripts, addressing the root cause of administrator-enabled vulnerabilities.
Limits system functionality to essential capabilities, restricting or disabling configurable script features in captive portals to reduce injection risks.