CVE-2024-9134

HighPublic PoC

Published: 10 January 2025

Published

10 January 2025

Modified

18 December 2025

KEV Added

—

Patch

—

CVSS Score 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS Score 0.0010 26.6th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9134 is a high-severity SQL Injection (CWE-89) vulnerability in Arista Ng Firewall. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates CVE-2024-9134 by identifying, reporting, and correcting the SQL injection flaws through patching as detailed in Arista's security advisory.

SI-10 Information Input Validation good match

prevent

Prevents SQL injection exploitation in the reporting application by enforcing input validation at user input points to block malicious database query manipulation.

AC-6 Least Privilege partial match

prevent

Limits damage from elevated privilege OS command execution post-exploitation by enforcing least privilege on accounts and processes accessible via the reporting application.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

SQL injection in network-accessible reporting app directly enables remote exploitation for OS command execution (RCE).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.

Deeper analysisAI

CVE-2024-9134 consists of multiple SQL injection vulnerabilities (CWE-89) in Arista's reporting application. These flaws carry a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) and were published on 2025-01-10. The vulnerabilities enable unauthorized database query manipulation within the reporting component.

A user possessing advanced report application access rights—which aligns with the low privileges required (PR:L)—can exploit these SQL injections remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows the attacker to execute arbitrary commands on the underlying operating system with elevated privileges, resulting in high impacts to confidentiality and integrity, alongside a low impact to availability.

Arista has published a security advisory detailing the issue and mitigation steps at https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105.