This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.
References
Configurations
No configuration.
History
21 Nov 2024, 09:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098 - | |
Summary |
|
27 Jun 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-27 19:15
Updated : 2024-11-21 09:43
NVD link : CVE-2024-4578
Mitre link : CVE-2024-4578
CVE.ORG link : CVE-2024-4578
JSON object : View
Products Affected
No product.
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')