CVE-2024-9134

Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management versions up to 17.1.1

Description Multiple SQL Injection vulnerabilities exist in the reporting application, allowing a user with advanced report application access rights to exploit the SQL injection. This enables them to execute commands on the underlying operating system with elevated privileges.

Recommendations For Arista Edge Threat Management versions up to 17.1.1, consider restricting access to the reporting application to minimize the risk of exploitation until a security fix is applied. As a temporary workaround, limit the privileges of users with advanced report application access rights to prevent elevated command execution on the underlying operating system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.