CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4578 – Privilege escalation in Arista Wireless Access Points
https://notcve.org/view.php?id=CVE-2024-4578
27 Jun 2024 — This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges. • https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2020-3702 – Ubuntu Security Notice USN-5116-1
https://notcve.org/view.php?id=CVE-2020-3702
08 Sep 2020 — u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM899... • https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html • CWE-319: Cleartext Transmission of Sensitive Information •