CVE-2024-27889

HIGH

Arista NG Firewall < 17.0 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Description

Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.

Scores

CVSS v3 8.8
EPSS 0.0879
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
arista/ng_firewall < 17.0
Published Mar 04, 2024
Tracked Since Feb 18, 2026