CVE-2024-47520

Summary

A user with advanced report application access rights can perform actions for which they are not authorized

Affected Software

VendorProductVersion RangeStatus
Arista NetworksArista Edge Threat Management17.1.0 <= 17.1.1affected

Weaknesses

  • CWE-653: CWE-653

Workarounds

For the Reports application, for all Reports Users, disable Online Access.

 

To do this:

  • As the NGFW administrator, log into the UI and go to the Reports application.
  • For all users with the Online Access checkbox (red box) enabled, uncheck it.
  • Click Save.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References