CVE-2024-9448
Published: 08 May 2025
Summary
CVE-2024-9448 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Https: (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 33.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-14045
Vulnerability details
On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will…
more
not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.