Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-1720/ |
History
Fri, 20 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 20 Dec 2024 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324. | |
Title | Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability | |
Weaknesses | CWE-863 | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2024-12-20T00:05:49.863Z
Updated: 2024-12-20T17:37:50.042Z
Reserved: 2024-12-19T22:19:59.640Z
Link: CVE-2024-12831
Vulnrichment
Updated: 2024-12-20T16:32:33.993Z
NVD
Status : Received
Published: 2024-12-20T01:15:06.670
Modified: 2024-12-20T01:15:06.670
Link: CVE-2024-12831
Redhat
No data.