Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324.
History

Fri, 20 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Dec 2024 00:30:00 +0000

Type Values Removed Values Added
Description Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324.
Title Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability
Weaknesses CWE-863
References
Metrics cvssV3_0

{'score': 6.6, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-12-20T00:05:49.863Z

Updated: 2024-12-20T17:37:50.042Z

Reserved: 2024-12-19T22:19:59.640Z

Link: CVE-2024-12831

cve-icon Vulnrichment

Updated: 2024-12-20T16:32:33.993Z

cve-icon NVD

Status : Received

Published: 2024-12-20T01:15:06.670

Modified: 2024-12-20T01:15:06.670

Link: CVE-2024-12831

cve-icon Redhat

No data.