CVE-2024-9132

Summary

The administrator is able to configure an insecure captive portal script

Affected Software

VendorProductVersion RangeStatus
Arista NetworksArista Edge Threat Management17.1.0 <= 17.1.1affected

Weaknesses

  • CWE-94: CWE-94

Workarounds

Disable custom page.

  • As the NGFW administrator, log into the UI and navigate to the Captive Portal application.
  • Select either “Basic Message” or “Basic Login”
  • Click Save.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References