CVE-2024-9134 - Vulnerability Details - OpenCVE

Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

History

Mon, 13 Jan 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 10 Jan 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
Title		Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
Weaknesses		CWE-89
References		https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105
Metrics		cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Arista

Published: 2025-01-10T21:44:17.415Z

Updated: 2025-01-13T20:14:00.556Z

Reserved: 2024-09-23T22:01:04.566Z

Link: CVE-2024-9134

Vulnrichment

Updated: 2025-01-13T20:13:56.720Z

NVD

Status : Received

Published: 2025-01-10T22:15:27.033

Modified: 2025-01-10T22:15:27.033

Link: CVE-2024-9134

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9134", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2024-09-23T22:01:04.566Z", "datePublished": "2025-01-10T21:44:17.415Z", "dateUpdated": "2025-01-13T20:14:00.556Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Arista Edge Threat Management", "vendor": "Arista Networks", "versions": [{"lessThanOrEqual": "17.1.1", "status": "affected", "version": "17.1.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.</p><div> </div><div>To access this information:</div><ol><li>As the NGFW administrator, log into the UI and navigate to the Reports application.<p><img alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-4.png\"></p></li></ol><p>The above picture shows the configuration panel for user access. The \u201c<a target=\"_blank\" rel=\"nofollow\">reportuser@domain.com</a>\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.</p><h4>Indicators of Compromise</h4><p>Any compromise will reveal itself via the postgres user running a non-standard postgres process.  </p><p>For example, an appropriate process list for running the postgres database will look like:</p><pre># ps -u postgres -f\nUID         PID   PPID C STIME TTY         TIME CMD\npostgres 94057     1 0 Feb06 ?       00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres 94063 94057 0 Feb06 ?       00:00:02 postgres: 13/main: checkpointer\npostgres 94064 94057 0 Feb06 ?       00:00:00 postgres: 13/main: background writer\npostgres 94065 94057 0 Feb06 ?       00:00:12 postgres: 13/main: walwriter\npostgres 94066 94057 0 Feb06 ?       00:00:00 postgres: 13/main: autovacuum launcher\npostgres 94067 94057 0 Feb06 ?       00:00:01 postgres: 13/main: stats collector\npostgres 94068 94057 0 Feb06 ?       00:00:00 postgres: 13/main: logical replication launcher\n</pre><div> </div><p>Additional processes run by the postgres user indicating a potential compromise may look like:</p><pre>postgres 100172 100171 0 Feb06 pts/2   00:00:00 bash</pre><br>"}], "value": "If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Reports application.\n\n\nThe above picture shows the configuration panel for user access. The \u201creportuser@domain.com\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.\n\nIndicators of CompromiseAny compromise will reveal itself via the postgres user running a non-standard postgres process. \u00a0\n\nFor example, an appropriate process list for running the postgres database will look like:\n\n# ps -u postgres -f\nUID \u00a0 \u00a0 \u00a0 \u00a0 PID \u00a0 PPID C STIME TTY \u00a0 \u00a0 \u00a0 \u00a0 TIME CMD\npostgres 94057 \u00a0 \u00a0 1 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres 94063 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:02 postgres: 13/main: checkpointer\npostgres 94064 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: background writer\npostgres 94065 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:12 postgres: 13/main: walwriter\npostgres 94066 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: autovacuum launcher\npostgres 94067 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:01 postgres: 13/main: stats collector\npostgres 94068 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: logical replication launcher\n\n\n\u00a0\n\nAdditional processes run by the postgres user indicating a potential compromise may look like:\n\npostgres 100172 100171 0 Feb06 pts/2 \u00a0 00:00:00 bash"}], "credits": [{"lang": "en", "type": "finder", "value": "Mehmet INCE from PRODAFT.com"}], "datePublic": "2024-10-29T20:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.</span><br>"}], "value": "Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-01-10T21:44:17.415Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.</div><ul><li>17.2 Upgrade</li></ul>"}], "value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade"}], "source": {"advisory": "105", "defect": ["NGFW-14721"], "discovery": "EXTERNAL"}, "title": "Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>For the Reports application, for all Reports Users, disable <i>Online Access.</i></p><p><img alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-5.png\"></p><div>To do this:</div><ol><li>As the NGFW administrator, log into the UI and go to the Reports application.</li><li>For all users with the <i>Online Access</i> checkbox (red box) enabled, uncheck it.</li><li>Click Save.</li></ol><br>"}], "value": "For the Reports application, for all Reports Users, disable Online Access.\n\n\n\nTo do this:\n\n * As the NGFW administrator, log into the UI and go to the Reports application.\n * For all users with the Online Access\u00a0checkbox (red box) enabled, uncheck it.\n * Click Save."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-13T20:13:52.238229Z", "id": "CVE-2024-9134", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T20:14:00.556Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9134", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-13T20:13:52.238229Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-13T20:13:56.720Z"}}], "cna": {"title": "Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.", "source": {"defect": ["NGFW-14721"], "advisory": "105", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Mehmet INCE from PRODAFT.com"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "Arista Edge Threat Management", "versions": [{"status": "affected", "version": "17.1.0", "versionType": "custom", "lessThanOrEqual": "17.1.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade", "supportingMedia": [{"type": "text/html", "value": "<div>The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.</div><ul><li>17.2 Upgrade</li></ul>", "base64": false}]}], "datePublic": "2024-10-29T20:20:00.000Z", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"}], "workarounds": [{"lang": "en", "value": "For the Reports application, for all Reports Users, disable Online Access.\n\n\n\nTo do this:\n\n * As the NGFW administrator, log into the UI and go to the Reports application.\n * For all users with the Online Access\u00a0checkbox (red box) enabled, uncheck it.\n * Click Save.", "supportingMedia": [{"type": "text/html", "value": "<p>For the Reports application, for all Reports Users, disable <i>Online Access.</i></p><p><img alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-5.png\"></p><div>To do this:</div><ol><li>As the NGFW administrator, log into the UI and go to the Reports application.</li><li>For all users with the <i>Online Access</i> checkbox (red box) enabled, uncheck it.</li><li>Click Save.</li></ol><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89"}]}], "configurations": [{"lang": "en", "value": "If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Reports application.\n\n\nThe above picture shows the configuration panel for user access. The \u201creportuser@domain.com\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.\n\nIndicators of CompromiseAny compromise will reveal itself via the postgres user running a non-standard postgres process. \u00a0\n\nFor example, an appropriate process list for running the postgres database will look like:\n\n# ps -u postgres -f\nUID \u00a0 \u00a0 \u00a0 \u00a0 PID \u00a0 PPID C STIME TTY \u00a0 \u00a0 \u00a0 \u00a0 TIME CMD\npostgres 94057 \u00a0 \u00a0 1 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres 94063 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:02 postgres: 13/main: checkpointer\npostgres 94064 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: background writer\npostgres 94065 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:12 postgres: 13/main: walwriter\npostgres 94066 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: autovacuum launcher\npostgres 94067 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:01 postgres: 13/main: stats collector\npostgres 94068 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: logical replication launcher\n\n\n\u00a0\n\nAdditional processes run by the postgres user indicating a potential compromise may look like:\n\npostgres 100172 100171 0 Feb06 pts/2 \u00a0 00:00:00 bash", "supportingMedia": [{"type": "text/html", "value": "<p>If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.</p><div> </div><div>To access this information:</div><ol><li>As the NGFW administrator, log into the UI and navigate to the Reports application.<p><img alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-4.png\"></p></li></ol><p>The above picture shows the configuration panel for user access. The \u201c<a target=\"_blank\" rel=\"nofollow\">reportuser@domain.com</a>\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.</p><h4>Indicators of Compromise</h4><p>Any compromise will reveal itself via the postgres user running a non-standard postgres process.  </p><p>For example, an appropriate process list for running the postgres database will look like:</p><pre># ps -u postgres -f\nUID         PID   PPID C STIME TTY         TIME CMD\npostgres 94057     1 0 Feb06 ?       00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres 94063 94057 0 Feb06 ?       00:00:02 postgres: 13/main: checkpointer\npostgres 94064 94057 0 Feb06 ?       00:00:00 postgres: 13/main: background writer\npostgres 94065 94057 0 Feb06 ?       00:00:12 postgres: 13/main: walwriter\npostgres 94066 94057 0 Feb06 ?       00:00:00 postgres: 13/main: autovacuum launcher\npostgres 94067 94057 0 Feb06 ?       00:00:01 postgres: 13/main: stats collector\npostgres 94068 94057 0 Feb06 ?       00:00:00 postgres: 13/main: logical replication launcher\n</pre><div> </div><p>Additional processes run by the postgres user indicating a potential compromise may look like:</p><pre>postgres 100172 100171 0 Feb06 pts/2   00:00:00 bash</pre><br>", "base64": false}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-01-10T21:44:17.415Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9134", "state": "PUBLISHED", "dateUpdated": "2025-01-13T20:14:00.556Z", "dateReserved": "2024-09-23T22:01:04.566Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2025-01-10T21:44:17.415Z", "assignerShortName": "Arista"}, "dataVersion": "5.1"}