Skip to main content

Ng Firewall CVE-2024-47519

HIGH
Key Exchange without Entity Authentication (CWE-322)
2025-01-10 psirt@arista.com
8.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.3 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:02 vuln.today
CVE Published
Jan 10, 2025 - 22:15 nvd
HIGH 8.3

DescriptionCVE.org

Backup uploads to ETM subject to man-in-the-middle interception

AnalysisAI

Backup uploads to ETM subject to man-in-the-middle interception. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-322. Backup uploads to ETM subject to man-in-the-middle interception Affected products include: Arista Ng Firewall.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-2767 CRITICAL
9.6 Apr 23

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.

CVE-2024-12829 HIGH
8.8 Dec 20

Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8)

CVE-2024-27889 HIGH
8.8 Mar 04

Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista

CVE-2024-12831 HIGH
7.8 Dec 20

Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8),

CVE-2024-12830 HIGH
7.3 Dec 20

Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3

CVE-2019-18647 HIGH
7.2 Nov 14

The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. Rat

CVE-2019-18646 HIGH
7.2 Nov 14

The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColu

CVE-2026-25622 HIGH
7.0 Jun 05

Command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) Captive Portal Custom Handler allows

CVE-2026-25620 HIGH
7.0 Jun 05

Command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) version 17.4.0 allows authenticated h

CVE-2026-25623 HIGH
7.0 Jun 05

Authenticated command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) allows administrators w

CVE-2026-25621 HIGH
7.0 Jun 05

Command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) version 17.4.0 allows high-privileged

CVE-2024-12832 MEDIUM
6.3 Dec 20

Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. Rated medium severity (CVSS 6.

Share

CVE-2024-47519 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy