mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
147 lines
6.9 KiB
JSON
147 lines
6.9 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-4578",
|
|
"ASSIGNER": "psirt@arista.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
|
"cweId": "CWE-77"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Arista Networks",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Arista Wireless Access Points",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "13.0.2.x",
|
|
"version_value": "13.0.2-28-vv1002"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "15.x"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "16.x",
|
|
"version_value": "16.1.051-vv6"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098",
|
|
"refsource": "MISC",
|
|
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"advisory": "98",
|
|
"defect": [
|
|
"BUG948397"
|
|
],
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"configuration": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>In order to be vulnerable to CVE-2024-4578, the following condition must be met:</p><p>The user must have knowledge of the config shell password to gain initial access.</p><br>"
|
|
}
|
|
],
|
|
"value": "In order to be vulnerable to CVE-2024-4578, the following condition must be met:\n\nThe user must have knowledge of the config shell password to gain initial access."
|
|
}
|
|
],
|
|
"work_around": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<span style=\"background-color: rgb(255, 255, 255);\">To mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties.</span><br>"
|
|
}
|
|
],
|
|
"value": "To mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties."
|
|
}
|
|
],
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>Arista recommends customers move to the latest version of each release that contains all the fixes listed below:</p><p>CVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:</p><ul><li>13.0.2-28-vv1101 and later releases in the 13.0.2.x train</li><li>16.1.0-51-vv703 and later releases in the 16.1.0.x train</li></ul><p>For more information about upgrading WiFi AP Software, please see <a target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrade-server\">Upgrade Server</a> and <a target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager\">Upgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager</a> </p><br>"
|
|
}
|
|
],
|
|
"value": "Arista recommends customers move to the latest version of each release that contains all the fixes listed below:\n\nCVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:\n\n * 13.0.2-28-vv1101 and later releases in the 13.0.2.x train\n * 16.1.0-51-vv703 and later releases in the 16.1.0.x train\n\n\nFor more information about upgrading WiFi AP Software, please see Upgrade Server https://wifihelp.arista.com/post/upgrade-server \u00a0and Upgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager"
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Arista would like to acknowledge and thank David Miller from cyllective AG (https://cyllective.com) for responsibly reporting CVE-2024-4578"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.4,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |