mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
138 lines
8.6 KiB
JSON
138 lines
8.6 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-9134",
|
|
"ASSIGNER": "psirt@arista.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-89",
|
|
"cweId": "CWE-89"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Arista Networks",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Arista Edge Threat Management",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "17.1.0",
|
|
"version_value": "17.1.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105",
|
|
"refsource": "MISC",
|
|
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"advisory": "105",
|
|
"defect": [
|
|
"NGFW-14721"
|
|
],
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"configuration": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.</p><div> </div><div>To access this information:</div><ol><li>As the NGFW administrator, log into the UI and navigate to the Reports application.<p><img alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-4.png\"></p></li></ol><p>The above picture shows the configuration panel for user access. The \u201c<a target=\"_blank\" rel=\"nofollow\">reportuser@domain.com</a>\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.</p><h4>Indicators of Compromise</h4><p>Any compromise will reveal itself via the postgres user running a non-standard postgres process. </p><p>For example, an appropriate process list for running the postgres database will look like:</p><pre># ps -u postgres -f\nUID PID PPID C STIME TTY TIME CMD\npostgres 94057 1 0 Feb06 ? 00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres 94063 94057 0 Feb06 ? 00:00:02 postgres: 13/main: checkpointer\npostgres 94064 94057 0 Feb06 ? 00:00:00 postgres: 13/main: background writer\npostgres 94065 94057 0 Feb06 ? 00:00:12 postgres: 13/main: walwriter\npostgres 94066 94057 0 Feb06 ? 00:00:00 postgres: 13/main: autovacuum launcher\npostgres 94067 94057 0 Feb06 ? 00:00:01 postgres: 13/main: stats collector\npostgres 94068 94057 0 Feb06 ? 00:00:00 postgres: 13/main: logical replication launcher\n</pre><div> </div><p>Additional processes run by the postgres user indicating a potential compromise may look like:</p><pre>postgres 100172 100171 0 Feb06 pts/2 00:00:00 bash</pre><br>"
|
|
}
|
|
],
|
|
"value": "If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Reports application.\n\n\nThe above picture shows the configuration panel for user access. The \u201creportuser@domain.com\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.\n\nIndicators of CompromiseAny compromise will reveal itself via the postgres user running a non-standard postgres process. \u00a0\n\nFor example, an appropriate process list for running the postgres database will look like:\n\n# ps -u postgres -f\nUID \u00a0 \u00a0 \u00a0 \u00a0 PID \u00a0 PPID C STIME TTY \u00a0 \u00a0 \u00a0 \u00a0 TIME CMD\npostgres 94057 \u00a0 \u00a0 1 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres 94063 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:02 postgres: 13/main: checkpointer\npostgres 94064 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: background writer\npostgres 94065 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:12 postgres: 13/main: walwriter\npostgres 94066 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: autovacuum launcher\npostgres 94067 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:01 postgres: 13/main: stats collector\npostgres 94068 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: logical replication launcher\n\n\n\u00a0\n\nAdditional processes run by the postgres user indicating a potential compromise may look like:\n\npostgres 100172 100171 0 Feb06 pts/2 \u00a0 00:00:00 bash"
|
|
}
|
|
],
|
|
"work_around": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>For the Reports application, for all Reports Users, disable <i>Online Access.</i></p><p><img alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-5.png\"></p><div>To do this:</div><ol><li>As the NGFW administrator, log into the UI and go to the Reports application.</li><li>For all users with the <i>Online Access</i> checkbox (red box) enabled, uncheck it.</li><li>Click Save.</li></ol><br>"
|
|
}
|
|
],
|
|
"value": "For the Reports application, for all Reports Users, disable Online Access.\n\n\n\nTo do this:\n\n * As the NGFW administrator, log into the UI and go to the Reports application.\n * For all users with the Online Access\u00a0checkbox (red box) enabled, uncheck it.\n * Click Save."
|
|
}
|
|
],
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<div>The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.</div><ul><li>17.2 Upgrade</li></ul>"
|
|
}
|
|
],
|
|
"value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade"
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Mehmet INCE from PRODAFT.com"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 8.3,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |