CVE-2024-9131
- EPSS 1.35%
- Veröffentlicht 10.01.2025 22:15:26
- Zuletzt bearbeitet 29.09.2025 12:33:48
A user with administrator privileges can perform command injection
CVE-2024-47520
- EPSS 0.4%
- Veröffentlicht 10.01.2025 22:15:26
- Zuletzt bearbeitet 29.09.2025 12:32:54
A user with advanced report application access rights can perform actions for which they are not authorized
CVE-2024-47519
- EPSS 0.33%
- Veröffentlicht 10.01.2025 22:15:26
- Zuletzt bearbeitet 29.09.2025 12:31:59
Backup uploads to ETM subject to man-in-the-middle interception
CVE-2024-47518
- EPSS 0.41%
- Veröffentlicht 10.01.2025 22:15:26
- Zuletzt bearbeitet 29.09.2025 12:30:54
Specially constructed queries targeting ETM could discover active remote access sessions
CVE-2024-47517
- EPSS 0.39%
- Veröffentlicht 10.01.2025 22:15:25
- Zuletzt bearbeitet 29.09.2025 12:25:57
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
CVE-2024-12832
- EPSS 0.48%
- Veröffentlicht 20.12.2024 01:15:06
- Zuletzt bearbeitet 03.01.2025 17:50:27
Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authent...
CVE-2024-12831
- EPSS 0.16%
- Veröffentlicht 20.12.2024 01:15:06
- Zuletzt bearbeitet 03.01.2025 17:48:53
Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to ex...
CVE-2024-12830
- EPSS 0.99%
- Veröffentlicht 20.12.2024 01:15:06
- Zuletzt bearbeitet 03.01.2025 17:47:52
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit...
CVE-2024-12829
- EPSS 1.26%
- Veröffentlicht 20.12.2024 01:15:05
- Zuletzt bearbeitet 03.01.2025 17:46:48
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this...
CVE-2024-27889
- EPSS 8.79%
- Veröffentlicht 04.03.2024 20:15:50
- Zuletzt bearbeitet 22.10.2025 13:49:56
Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute ...