{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4578", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2024-05-06T22:39:09.409Z", "datePublished": "2024-06-27T18:31:06.468Z", "dateUpdated": "2024-08-01T20:47:41.270Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Arista Wireless Access Points", "vendor": "Arista Networks", "versions": [{"lessThanOrEqual": "13.0.2-28-vv1002", "status": "affected", "version": "13.0.2.x", "versionType": "custom"}, {"status": "affected", "version": "15.x", "versionType": "custom"}, {"lessThanOrEqual": "16.1.051-vv6", "status": "affected", "version": "16.x", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In order to be vulnerable to CVE-2024-4578, the following condition must be met:</p><p>The user must have knowledge of the config shell password to gain initial access.</p><br>"}], "value": "In order to be vulnerable to CVE-2024-4578, the following condition must be met:\n\nThe user must have knowledge of the config shell password to gain initial access."}], "credits": [{"lang": "en", "type": "finder", "value": "Arista would like to acknowledge and thank David Miller from cyllective AG (https://cyllective.com) for responsibly reporting CVE-2024-4578"}], "datePublic": "2024-06-25T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.</span><br>"}], "value": "This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2024-06-27T18:31:06.468Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Arista recommends customers move to the latest version of each release that contains all the fixes listed below:</p><p>CVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:</p><ul><li>13.0.2-28-vv1101 and later releases in the 13.0.2.x train</li><li>16.1.0-51-vv703 and later releases in the 16.1.0.x train</li></ul><p>For more information about upgrading WiFi AP Software, please see <a target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrade-server\">Upgrade Server</a>&nbsp;and <a target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager\">Upgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager</a>&nbsp;</p><br>"}], "value": "Arista recommends customers move to the latest version of each release that contains all the fixes listed below:\n\nCVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:\n\n * 13.0.2-28-vv1101 and later releases in the 13.0.2.x train\n * 16.1.0-51-vv703 and later releases in the 16.1.0.x train\n\n\nFor more information about upgrading WiFi AP Software, please see Upgrade Server https://wifihelp.arista.com/post/upgrade-server \u00a0and Upgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager"}], "source": {"advisory": "98", "defect": ["BUG948397"], "discovery": "EXTERNAL"}, "title": "Privilege escalation in Arista Wireless Access Points", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">To mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties.</span><br>"}], "value": "To mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "arista", "product": "wireless_access_point_firmware", "cpes": ["cpe:2.3:o:arista:wireless_access_point_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0.2.x", "status": "affected", "lessThanOrEqual": "13.0.2-28-vv1002", "versionType": "custom"}, {"version": "15.x", "status": "affected"}, {"version": "16.x", "status": "affected", "lessThanOrEqual": "16.1.051-vv6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-05T14:06:50.319490Z", "id": "CVE-2024-4578", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T17:28:36.740Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:47:41.270Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:47:41.270Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4578", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-05T14:06:50.319490Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:arista:wireless_access_point_firmware:*:*:*:*:*:*:*:*"], "vendor": "arista", "product": "wireless_access_point_firmware", "versions": [{"status": "affected", "version": "13.0.2.x", "versionType": "custom", "lessThanOrEqual": "13.0.2-28-vv1002"}, {"status": "affected", "version": "15.x"}, {"status": "affected", "version": "16.x", "versionType": "custom", "lessThanOrEqual": "16.1.051-vv6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:07:13.250Z"}}], "cna": {"title": "Privilege escalation in Arista Wireless Access Points", "source": {"defect": ["BUG948397"], "advisory": "98", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Arista would like to acknowledge and thank David Miller from cyllective AG (https://cyllective.com) for responsibly reporting CVE-2024-4578"}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "Arista Wireless Access Points", "versions": [{"status": "affected", "version": "13.0.2.x", "versionType": "custom", "lessThanOrEqual": "13.0.2-28-vv1002"}, {"status": "affected", "version": "15.x", "versionType": "custom"}, {"status": "affected", "version": "16.x", "versionType": "custom", "lessThanOrEqual": "16.1.051-vv6"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Arista recommends customers move to the latest version of each release that contains all the fixes listed below:\n\nCVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:\n\n * 13.0.2-28-vv1101 and later releases in the 13.0.2.x train\n * 16.1.0-51-vv703 and later releases in the 16.1.0.x train\n\n\nFor more information about upgrading WiFi AP Software, please see Upgrade Server https://wifihelp.arista.com/post/upgrade-server \u00a0and Upgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager", "supportingMedia": [{"type": "text/html", "value": "<p>Arista recommends customers move to the latest version of each release that contains all the fixes listed below:</p><p>CVE-2024-4578 has been fixed in the 13.x and 16.x release trains, as follows:</p><ul><li>13.0.2-28-vv1101 and later releases in the 13.0.2.x train</li><li>16.1.0-51-vv703 and later releases in the 16.1.0.x train</li></ul><p>For more information about upgrading WiFi AP Software, please see <a target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrade-server\">Upgrade Server</a>&nbsp;and <a target=\"_blank\" rel=\"nofollow\" href=\"https://wifihelp.arista.com/post/upgrading-firmware-of-wifi-access-points-with-on-premises-wireless-manager\">Upgrading Firmware of Wi-Fi Access Points with On-Premises Wireless Manager</a>&nbsp;</p><br>", "base64": false}]}], "datePublic": "2024-06-25T15:00:00.000Z", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098"}], "workarounds": [{"lang": "en", "value": "To mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">To mitigate the attack, configure a strong config shell password and share the password only with admin and/or trusted parties.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "configurations": [{"lang": "en", "value": "In order to be vulnerable to CVE-2024-4578, the following condition must be met:\n\nThe user must have knowledge of the config shell password to gain initial access.", "supportingMedia": [{"type": "text/html", "value": "<p>In order to be vulnerable to CVE-2024-4578, the following condition must be met:</p><p>The user must have knowledge of the config shell password to gain initial access.</p><br>", "base64": false}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2024-06-27T18:31:06.468Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4578", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:47:41.270Z", "dateReserved": "2024-05-06T22:39:09.409Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2024-06-27T18:31:06.468Z", "assignerShortName": "Arista"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the \u201cconfig\u201d user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges."}, {"lang": "es", "value": "Este aviso describe un problema que afecta los puntos de acceso inal\u00e1mbricos de Arista. Cualquier entidad con la capacidad de autenticarse a trav\u00e9s de SSH en un AP afectado como usuario \"config\" puede provocar una escalada de privilegios generando un shell bash. La sesi\u00f3n SSH CLI no requiere permisos elevados para aprovechar esta vulnerabilidad, pero se requiere la contrase\u00f1a de configuraci\u00f3n para establecer la sesi\u00f3n. El shell generado puede obtener privilegios de root."}], "id": "CVE-2024-4578", "lastModified": "2024-11-21T09:43:08.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2024-06-27T19:15:15.347", "references": [{"source": "psirt@arista.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19844-security-advisory-0098"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "psirt@arista.com", "type": "Secondary"}]}

{}