CVE-2024-47520

7.6 HIGH

📋 TL;DR

This vulnerability allows users with advanced report application access rights to perform unauthorized actions beyond their intended permissions. It affects Arista EOS systems where users have been granted specific report application privileges but can escalate their access.

💻 Affected Systems

Products:
  • Arista EOS
Versions: All versions prior to the fixed releases
Operating Systems: Arista EOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires users to have advanced report application access rights configured.


⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated user could gain administrative privileges, modify system configurations, access sensitive data, or disrupt network operations.

🟠 Likely Case

Users with report access could view or modify data they shouldn't have access to, potentially exposing sensitive information or making unauthorized changes.

🟢 If Mitigated

With proper access controls and monitoring, impact would be limited to minor privilege escalation within the reporting module.

🌐 Internet-Facing: MEDIUM - Risk exists if management interfaces are exposed, but exploitation requires authenticated access.
🏢 Internal Only: HIGH - Internal users with report access could exploit this to gain unauthorized privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access with specific report privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in specific EOS releases - check Arista advisory for exact versions

Vendor Advisory: https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

Restart Required: No

Instructions:

1. Review Arista advisory 20454 for exact fixed versions.
2. Upgrade affected EOS systems to patched versions.
3. Verify no unauthorized access occurred prior to patching.

🔧 Temporary Workarounds

Restrict Report Access

all

  • Limit advanced report application access to only essential users
  • Configure appropriate role-based access controls in EOS

🧯 If You Can't Patch

  • Implement strict access controls and monitor users with report privileges
  • Regularly audit user activities and permissions for anomalies

🔍 How to Verify

Check if Vulnerable:

Check EOS version and compare against patched versions in Arista advisory

Check Version:

show version

Verify Fix Applied:

Verify EOS version is updated to patched release and test report functionality

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts in report module logs
  • Unusual user activity from report-privileged accounts

Network Indicators:

  • Unusual report-related API calls or data exports

SIEM Query:

Search for report module access from non-admin users performing administrative actions
