A user with advanced report application access rights can perform actions for which they are not authorized
Fixes

Solution

The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience. * 17.2 Upgrade


Workaround

For the Reports application, for all Reports Users, disable Online Access.   To do this: * As the NGFW administrator, log into the UI and go to the Reports application. * For all users with the Online Access checkbox (red box) enabled, uncheck it. * Click Save.

History

Mon, 29 Sep 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Arista
Arista ng Firewall
CPEs cpe:2.3:a:arista:ng_firewall:*:*:*:*:*:*:*:*
Vendors & Products Arista
Arista ng Firewall

Mon, 13 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 10 Jan 2025 22:15:00 +0000

Type Values Removed Values Added
Description A user with advanced report application access rights can perform actions for which they are not authorized
Title A user with advanced report application access rights can perform actions for which they are not authorized
Weaknesses CWE-653
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Arista

Published:

Updated: 2025-01-13T20:11:36.240Z

Reserved: 2024-09-25T20:29:43.984Z

Link: CVE-2024-47520

cve-icon Vulnrichment

Updated: 2025-01-13T20:09:35.271Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-10T22:15:26.290

Modified: 2025-09-29T12:32:54.070

Link: CVE-2024-47520

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.