CVE-2024-9133— A user with administrator privileges is able to retrieve authentication tokens

CVSS 6.6 · Medium EPSS 0.03% · P9 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-9133

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

A user with administrator privileges is able to retrieve authentication tokens

Source: NVD (National Vulnerability Database)

Vulnerability Description

A user with administrator privileges is able to retrieve authentication tokens

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

认证机制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Arista NG Firewall 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Arista NG Firewall是美国Arista公司的一款 WEB 防火墙。 Arista NG Firewall存在安全漏洞，该漏洞源于具有管理员权限的用户能够检索身份验证令牌。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Arista Networks	Arista Edge Threat Management	17.1.0 ~ 17.1.1	-

II. Public POCs for CVE-2024-9133

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-9133

请登录查看更多情报信息。

Same Patch Batch · Arista Networks · 2025-01-10 · 13 CVEs total

CVE-2024-9188	8.8 HIGH	Specially constructed queries cause cross platform scripting leaking administrator tokens
CVE-2024-47519	8.3 HIGH	Backup uploads to ETM subject to man-in-the-middle interception
CVE-2024-9134	8.3 HIGH	Multiple SQL Injection vulnerabilities exist in the reporting application. A user with ad
CVE-2024-9132	8.1 HIGH	The administrator is able to configure an insecure captive portal script
CVE-2024-47520	7.6 HIGH	A user with advanced report application access rights can perform actions for which they a
CVE-2024-9131	7.2 HIGH	A user with administrator privileges can perform command injection
CVE-2024-47517	6.8 MEDIUM	Expired and unusable administrator authentication tokens can be revealed by units that hav
CVE-2024-5872	6.5 MEDIUM	On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN t
CVE-2024-47518	6.4 MEDIUM	Specially constructed queries targeting ETM could discover active remote access sessions
CVE-2024-6437	5.8 MEDIUM	On affected platforms running Arista EOS with one of the following features configured to
CVE-2024-7142	4.6 MEDIUM	On Arista CloudVision Appliance (CVA) affected releases running on appliances that support
CVE-2024-7095	4.3 MEDIUM	On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit ma

IV. Related Vulnerabilities

Same product: Arista Edge Threat Management

Same vendor: Arista Networks

Same weakness: CWE-287

V. Comments for CVE-2024-9133

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-9133— A user with administrator privileges is able to retrieve authentication tokens

I. Basic Information for CVE-2024-9133

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-9133

III. Intelligence Information for CVE-2024-9133

Same Patch Batch · Arista Networks · 2025-01-10 · 13 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-9133

Leave a comment