Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-12829— Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability

EPSS 3.38% · P87
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-12829

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecManagerImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24015.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Arista NG Firewall 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Arista NG Firewall是美国Arista公司的一款 WEB 防火墙。 Arista NG Firewall存在操作系统命令注入漏洞,该漏洞源于在使用用户提供的字符串执行系统调用之前缺乏适当的验证,导致命令注入远程代码执行漏洞,允许远程攻击者在受影响的安装上执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AristaNG Firewall 17.1.1 -

II. Public POCs for CVE-2024-12829

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-12829

登录查看更多情报信息。

Same Patch Batch · Arista · 2024-12-20 · 4 CVEs total

CVE-2024-12830Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability
CVE-2024-12832Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability
CVE-2024-12831Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability

IV. Related Vulnerabilities

Same product: NG Firewall
Same vendor: Arista
Same weakness: CWE-78

V. Comments for CVE-2024-12829

No comments yet

Leave a comment