Search criteria
2 vulnerabilities found for Arista Wireless Access Points by Arista Networks
CVE-2024-4578 (GCVE-0-2024-4578)
Vulnerability from nvd – Published: 2024-06-27 18:31 – Updated: 2024-08-01 20:47
VLAI?
Title
Privilege escalation in Arista Wireless Access Points
Summary
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.
Severity ?
8.4 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Wireless Access Points |
Affected:
13.0.2.x , ≤ 13.0.2-28-vv1002
(custom)
Affected: 15.x (custom) Affected: 16.x , ≤ 16.1.051-vv6 (custom) |
Credits
Arista would like to acknowledge and thank David Miller from cyllective AG (https://cyllective.com) for responsibly reporting CVE-2024-4578
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arista:wireless_access_point_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wireless_access_point_firmware",
"vendor": "arista",
"versions": [
{
"lessThanOrEqual": "13.0.2-28-vv1002",
"status": "affected",
"version": "13.0.2.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "15.x"
},
{
"lessThanOrEqual": "16.1.051-vv6",
"status": "affected",
"version": "16.x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T14:06:50.319490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T17:28:36.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Wireless Access Points",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "13.0.2-28-vv1002",
"status": "affected",
"version": "13.0.2.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "15.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "16.1.051-vv6",
"status": "affected",
"version": "16.x",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-4578, the following condition must be met:\u003c/p\u003e\u003cp\u003eThe user must have knowledge of the config shell password to gain initial access.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-4578, the following condition must be met:\n\nThe user must have knowledge of the config shell password to gain initial access."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arista would like to acknowledge and thank David Miller from cyllective AG (https://cyllective.com) for responsibly reporting CVE-2024-4578"
}
],
"datePublic": "2024-06-25T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:31:06.468Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eArista recommends customers move to the latest version of each release that contains all the fixes listed below:\u003c/p\u003e\u003cp\u003eCVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:\u003c/p\u003e\u003cul\u003e\u003cli\u003e13.0.2-28-vv1101 and later releases in the 13.0.2.x train\u003c/li\u003e\u003cli\u003e16.1.0-51-vv703 and later releases in the 16.1.0.x train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information about upgrading WiFi AP Software, please see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrade-server\"\u003eUpgrade Server\u003c/a\u003e\u0026nbsp;and \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager\"\u003eUpgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Arista recommends customers move to the latest version of each release that contains all the fixes listed below:\n\nCVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:\n\n * 13.0.2-28-vv1101 and later releases in the 13.0.2.x train\n * 16.1.0-51-vv703 and later releases in the 16.1.0.x train\n\n\nFor more information about upgrading WiFi AP Software, please see Upgrade Server https://wifihelp.arista.com/post/upgrade-server \u00a0and Upgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager"
}
],
"source": {
"advisory": "98",
"defect": [
"BUG948397"
],
"discovery": "EXTERNAL"
},
"title": "Privilege escalation in Arista Wireless Access Points",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTo mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "To mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-4578",
"datePublished": "2024-06-27T18:31:06.468Z",
"dateReserved": "2024-05-06T22:39:09.409Z",
"dateUpdated": "2024-08-01T20:47:41.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4578 (GCVE-0-2024-4578)
Vulnerability from cvelistv5 – Published: 2024-06-27 18:31 – Updated: 2024-08-01 20:47
VLAI?
Title
Privilege escalation in Arista Wireless Access Points
Summary
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.
Severity ?
8.4 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Wireless Access Points |
Affected:
13.0.2.x , ≤ 13.0.2-28-vv1002
(custom)
Affected: 15.x (custom) Affected: 16.x , ≤ 16.1.051-vv6 (custom) |
Credits
Arista would like to acknowledge and thank David Miller from cyllective AG (https://cyllective.com) for responsibly reporting CVE-2024-4578
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arista:wireless_access_point_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wireless_access_point_firmware",
"vendor": "arista",
"versions": [
{
"lessThanOrEqual": "13.0.2-28-vv1002",
"status": "affected",
"version": "13.0.2.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "15.x"
},
{
"lessThanOrEqual": "16.1.051-vv6",
"status": "affected",
"version": "16.x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T14:06:50.319490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T17:28:36.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Wireless Access Points",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "13.0.2-28-vv1002",
"status": "affected",
"version": "13.0.2.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "15.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "16.1.051-vv6",
"status": "affected",
"version": "16.x",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-4578, the following condition must be met:\u003c/p\u003e\u003cp\u003eThe user must have knowledge of the config shell password to gain initial access.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-4578, the following condition must be met:\n\nThe user must have knowledge of the config shell password to gain initial access."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arista would like to acknowledge and thank David Miller from cyllective AG (https://cyllective.com) for responsibly reporting CVE-2024-4578"
}
],
"datePublic": "2024-06-25T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T18:31:06.468Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eArista recommends customers move to the latest version of each release that contains all the fixes listed below:\u003c/p\u003e\u003cp\u003eCVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:\u003c/p\u003e\u003cul\u003e\u003cli\u003e13.0.2-28-vv1101 and later releases in the 13.0.2.x train\u003c/li\u003e\u003cli\u003e16.1.0-51-vv703 and later releases in the 16.1.0.x train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information about upgrading WiFi AP Software, please see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrade-server\"\u003eUpgrade Server\u003c/a\u003e\u0026nbsp;and \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager\"\u003eUpgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Arista recommends customers move to the latest version of each release that contains all the fixes listed below:\n\nCVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:\n\n * 13.0.2-28-vv1101 and later releases in the 13.0.2.x train\n * 16.1.0-51-vv703 and later releases in the 16.1.0.x train\n\n\nFor more information about upgrading WiFi AP Software, please see Upgrade Server https://wifihelp.arista.com/post/upgrade-server \u00a0and Upgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager"
}
],
"source": {
"advisory": "98",
"defect": [
"BUG948397"
],
"discovery": "EXTERNAL"
},
"title": "Privilege escalation in Arista Wireless Access Points",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTo mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "To mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-4578",
"datePublished": "2024-06-27T18:31:06.468Z",
"dateReserved": "2024-05-06T22:39:09.409Z",
"dateUpdated": "2024-08-01T20:47:41.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}