
CVE-2024-9188 – Specially constructed queries cause cross platform scripting leaking administrator tokens
https://notcve.org/view.php?id=CVE-2024-9188
10 Jan 2025 — Specially constructed queries cause cross platform scripting leaking administrator tokens • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

CVE-2024-47520 – A user with advanced report application access rights can perform actions for which they are not authorized
https://notcve.org/view.php?id=CVE-2024-47520
10 Jan 2025 — A user with advanced report application access rights can perform actions for which they are not authorized • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-653: Improper Isolation or Compartmentalization

CVE-2024-47519 – Backup uploads to ETM subject to man-in-the-middle interception
https://notcve.org/view.php?id=CVE-2024-47519
10 Jan 2025 — Backup uploads to ETM subject to man-in-the-middle interception • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-322: Key Exchange without Entity Authentication

CVE-2024-47518 – Specially constructed queries targeting ETM could discover active remote access sessions
https://notcve.org/view.php?id=CVE-2024-47518
10 Jan 2025 — Specially constructed queries targeting ETM could discover active remote access sessions • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-552: Files or Directories Accessible to External Parties

CVE-2024-47517 – Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
https://notcve.org/view.php?id=CVE-2024-47517
10 Jan 2025 — Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-1230: Exposure of Sensitive Information Through Metadata

CVE-2024-9134 – Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
https://notcve.org/view.php?id=CVE-2024-9134
10 Jan 2025 — Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-9133 – A user with administrator privileges is able to retrieve authentication tokens
https://notcve.org/view.php?id=CVE-2024-9133
10 Jan 2025 — A user with administrator privileges is able to retrieve authentication tokens • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-287: Improper Authentication

CVE-2024-9132 – The administrator is able to configure an insecure captive portal script
https://notcve.org/view.php?id=CVE-2024-9132
10 Jan 2025 — The administrator is able to configure an insecure captive portal script • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-9131 – A user with administrator privileges can perform command injection
https://notcve.org/view.php?id=CVE-2024-9131
10 Jan 2025 — A user with administrator privileges can perform command injection • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')