CVE-2024-9132— The administrator is able to configure an insecure captive portal script
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-9132
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The administrator is able to configure an insecure captive portal script
Source: NVD (National Vulnerability Database)
Vulnerability Description
The administrator is able to configure an insecure captive portal script
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Arista NG Firewall 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Arista NG Firewall是美国Arista公司的一款 WEB 防火墙。 Arista NG Firewall存在安全漏洞,该漏洞源于管理员能够配置不安全的强制门户脚本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management | 17.1.0 ~ 17.1.1 | - |
II. Public POCs for CVE-2024-9132
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-9132
请登录查看更多情报信息。
Same Patch Batch · Arista Networks · 2025-01-10 · 13 CVEs total
| CVE-2024-9188 | 8.8 HIGH | Specially constructed queries cause cross platform scripting leaking administrator tokens |
| CVE-2024-47519 | 8.3 HIGH | Backup uploads to ETM subject to man-in-the-middle interception |
| CVE-2024-9134 | 8.3 HIGH | Multiple SQL Injection vulnerabilities exist in the reporting application. A user with ad |
| CVE-2024-47520 | 7.6 HIGH | A user with advanced report application access rights can perform actions for which they a |
| CVE-2024-9131 | 7.2 HIGH | A user with administrator privileges can perform command injection |
| CVE-2024-47517 | 6.8 MEDIUM | Expired and unusable administrator authentication tokens can be revealed by units that hav |
| CVE-2024-9133 | 6.6 MEDIUM | A user with administrator privileges is able to retrieve authentication tokens |
| CVE-2024-5872 | 6.5 MEDIUM | On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN t |
| CVE-2024-47518 | 6.4 MEDIUM | Specially constructed queries targeting ETM could discover active remote access sessions |
| CVE-2024-6437 | 5.8 MEDIUM | On affected platforms running Arista EOS with one of the following features configured to |
| CVE-2024-7142 | 4.6 MEDIUM | On Arista CloudVision Appliance (CVA) affected releases running on appliances that support |
| CVE-2024-7095 | 4.3 MEDIUM | On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit ma |
IV. Related Vulnerabilities
Same product: Arista Edge Threat Management
- CVE-2024-9188
Specially constructed queries cause cross platform scripting - CVE-2024-47520
A user with advanced report application access rights can pe - CVE-2024-47519
Backup uploads to ETM subject to man-in-the-middle intercept - CVE-2024-47518
Specially constructed queries targeting ETM could discover a - CVE-2024-47517
Expired and unusable administrator authentication tokens can
Same vendor: Arista Networks
- CVE-2025-7048
On affected platforms running Arista EOS with MACsec configu - CVE-2025-8872
A specially crafted packet can cause the OSFPv3 process to h - CVE-2025-8870
On affected platforms running Arista EOS, certain serial con - CVE-2025-54549
Cryptographic validation of upgrade images could be circumve - CVE-2025-54548
On affected platforms, restricted users could view sensitive
Same weakness: CWE-94
- CVE-2021-47939
Evolution CMS 3.1.6 Authenticated Remote Code Execution via - CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution via Autotasks - CVE-2021-47935
Sentry 8.2.0 Remote Code Execution via Pickle Deserializatio - CVE-2022-50944
Aero CMS 0.0.1 PHP Code Injection via posts.php - CVE-2026-8211
codelibs Fess JSP File AdminDesignAction.java update code in
V. Comments for CVE-2024-9132
No comments yet