Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-4578
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Privilege escalation in Arista Wireless Access Points
Source: NVD (National Vulnerability Database)
Vulnerability Description
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Arista Wireless Access Points 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Arista Wireless Access Points是Arista公司的一款三射频 802.11ax 接入点。 Arista Wireless Access Points存在安全漏洞,该漏洞源于任何能够通过 SSH 且以配置用户身份对受影响 AP 进行身份验证的实体都能够通过生成 bash shell 来提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Arista NetworksArista Wireless Access Points 13.0.2.x ~ 13.0.2-28-vv1002 -
II. Public POCs for CVE-2024-4578
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2024-4578
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: Arista Networks
Same weakness: CWE-77
V. Comments for CVE-2024-4578

No comments yet

Leave a comment