Cyber Posture

CVE-2024-47520

High

Published: 10 January 2025

Modified: 29 September 2025
CVSS Score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L)
EPSS Score: 0.0012 (30.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

A user with advanced report application access rights can perform actions for which they are not authorized.

Security Summary

CVE-2024-47520 is an authorization vulnerability (CWE-653) affecting Arista software, where a user with advanced report application access rights can perform actions for which they are not authorized. It has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L), indicating high severity due to significant impacts on confidentiality and integrity.

The vulnerability can be exploited by a low-privileged, authenticated attacker over the network with low complexity, though it requires user interaction. Successful exploitation allows the attacker to achieve high confidentiality and integrity impacts, with low availability impact, enabling unauthorized actions beyond the user's intended permissions within the affected report application.

Arista's security advisory (https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105) provides details on patches and mitigations; security practitioners should consult it for specific remediation steps, such as applying updates to vulnerable components.

Details

CWE(s): CWE-653

Affected Products

Vendor: arista
Product: ng firewall
Version: ≤ 17.1.1
