CVE-2024-9132

8.1 HIGH

📋 TL;DR

Arista EOS accepted captive portal scripts that were not safely constrained, so a user who holds administrative rights over captive portal configuration (or an attacker who has obtained such credentials) can configure a script that yields arbitrary code execution on the device. Only EOS deployments that use the captive portal feature and grant that level of configuration access are affected; no unauthenticated path is described.

💻 Affected Systems

Products:
  • Arista EOS
Versions: All versions prior to the fix
Operating Systems: Arista EOS
Default Config Vulnerable: ✅ No
Notes: Requires administrator access to captive portal configuration. Not vulnerable in default configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker who holds, or has stolen, administrative credentials configures a malicious captive portal script and gains arbitrary code execution on the switch, from which the network segment it serves can be attacked.

🟠 Likely Case

A privileged insider, or an attacker with compromised administrative credentials, pushes a malicious script through the captive portal configuration and compromises the device.

🟢 If Mitigated

With administrative access tightly restricted and every captive portal script reviewed before it is applied, the remaining exposure is misconfiguration rather than code execution.

🌐 Internet-Facing: MEDIUM - Exploitation goes through the configuration plane, so the practical exposure is whether management access is reachable by someone holding administrative credentials; a captive portal serving untrusted networks raises the impact once a malicious script is in place.
🏢 Internal Only: HIGH - Administrative misuse or compromised credentials could lead to significant internal network compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires administrative access to configure malicious scripts. Exploitation depends on administrator actions or credential compromise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Arista advisory for specific fixed versions

Vendor Advisory: https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

Restart Required: Yes for a software upgrade. Moving to a fixed EOS image takes a device reload, so plan a maintenance window (platforms that support in-service upgrades may avoid a full outage; check the platform's upgrade documentation).

Instructions:

1. Review the Arista advisory for the fixed release of the EOS train you run.
2. Upgrade affected EOS devices to that patched release.
3. After the upgrade, re-read the captive portal configuration and remove any script you cannot account for.

🔧 Temporary Workarounds

Restrict Captive Portal Configuration Access

Applies to: all

Limit administrative access to captive portal configuration to trusted personnel only. Command authorization must be enabled for any restriction to be enforced; the EOS form of the command takes a privilege level or `all` ahead of the method list:

configure terminal
aaa authorization commands all default local
aaa authorization commands all console local

On its own this only makes EOS authorize each command against the local database. To keep particular operators away from the captive portal commands, pair it with EOS role-based authorization: define a role whose rules deny the captive portal configuration commands and assign that role to accounts that do not need them.

Validate Captive Portal Scripts

Applies to: all

Implement a review process for every captive portal script before it is committed: scripts should come only from a controlled source, be reviewed by a second person, and be kept in version control so that what is running can be diffed against what was approved.

🧯 If You Can't Patch

  • Implement strict access controls for administrative accounts
  • Monitor and audit all captive portal configuration changes

🔍 How to Verify

Check if Vulnerable:

Run `show version` and compare the Software image version with the fixed release the advisory lists for that train; then display the captive portal configuration and review any configured script line by line.

Check Version:

show version | include Software image version

Verify Fix Applied:

Confirm the running Software image version is at or above the fixed release for its train, then review the captive portal configuration and the command accounting logs for the period before the upgrade.
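As an added example (not part of the Arista advisory or this page), the following Python parses the `Software image version` line and compares the running release numerically against a fixed-release map keyed by EOS train (major.minor), so that 4.30.10 is correctly treated as newer than 4.30.9. The release numbers in `FIXED_BY_TRAIN_EXAMPLE` are placeholders and must be replaced with the releases from the advisory; the sample `show version` output is constructed.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Constructed sample of `show version | include Software image version`.
# The version shown is made up for the example.
SAMPLE_SHOW_VERSION = "Software image version: 4.30.3M\n"

# PLACEHOLDER values: NOT the real fixed releases. Fill this map from the
# Arista advisory, one entry per EOS train you run.
FIXED_BY_TRAIN_EXAMPLE: Dict[Tuple[int, int], Version] = {
    (4, 30): (4, 30, 9),
    (4, 31): (4, 31, 5),
}

# EOS prints e.g. "4.30.3M" or "4.29.0.2F": dotted numbers plus a train letter.
EOS_VERSION_RE = re.compile(r"Software image version:\s*(\d+(?:\.\d+)+)([A-Z]*)")


def parse_eos_version(show_version_output: str) -> Optional[Tuple[Version, str]]:
    """Return ((numeric components), suffix) or None if the line is absent."""
    m = EOS_VERSION_RE.search(show_version_output)
    if not m:
        return None
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, m.group(2)


def _padded(v: Version, n: int) -> Version:
    # Pad with zeros so (4, 30, 3) compares equal to (4, 30, 3, 0).
    return v + (0,) * (n - len(v))


def compare_versions(a: Version, b: Version) -> int:
    """-1, 0 or 1 using numeric (not lexical) comparison of each component."""
    n = max(len(a), len(b))
    pa, pb = _padded(a, n), _padded(b, n)
    return (pa > pb) - (pa < pb)


def is_fixed(running: Version, fixed_by_train: Dict[Tuple[int, int], Version]) -> Optional[bool]:
    """True if running is at/above the train's fixed release, False if below,
    None if the train is not in the map (consult the advisory)."""
    fixed = fixed_by_train.get(running[:2])
    if fixed is None:
        return None
    return compare_versions(running, fixed) >= 0


def format_version(v: Version, suffix: str = "") -> str:
    return ".".join(str(x) for x in v) + suffix


def assess(show_version_output: str, fixed_by_train: Dict[Tuple[int, int], Version]) -> str:
    """One-line verdict for a device, given its show version output."""
    parsed = parse_eos_version(show_version_output)
    if parsed is None:
        return "unknown: no 'Software image version' line found"
    version, suffix = parsed
    running = format_version(version, suffix)
    verdict = is_fixed(version, fixed_by_train)
    if verdict is None:
        return f"unknown: train {version[0]}.{version[1]} not in the fixed-release map, check the advisory"
    fixed = format_version(fixed_by_train[version[:2]])
    if verdict:
        return f"fixed: running {running} is at or above {fixed}"
    return f"vulnerable: running {running} is below fixed release {fixed}"


if __name__ == "__main__":
    print(assess(SAMPLE_SHOW_VERSION, FIXED_BY_TRAIN_EXAMPLE))
```

Feed it the captured output of the `show version` command from each device (for example from an automation run) and keep the fixed-release map in one place so the check is repeatable across the fleet.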

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized captive portal configuration changes
  • Suspicious script execution in captive portal logs

Network Indicators:

  • Unexpected network traffic from captive portal devices
  • Anomalous DNS or HTTP requests from portal

SIEM Query:

source="arista-eos" AND (event_type="configuration_change" AND object="captive-portal")

The field names above are illustrative; map `source`, `event_type` and `object` to the fields your collector actually emits for EOS command accounting or configuration-change events.
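As an added example (not part of the advisory or this page), here is the detection logic the query sketches, run over a few constructed log lines. The log layout, the captive portal command text, the management prefix and the approved-user list are all assumptions made for the example, not EOS output or real operator data; adjust `CMD_LOG_RE` to whatever your collector emits. Every captive portal command is recorded for audit, and a finding gets a non-empty `reasons` list when the user is not on the approved list, the source address is outside the management network, or the command references an external URL.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Set

# Constructed sample log lines in an ASSUMED layout (user, transport,
# source IP, "cmd=<command>"). The captive portal command text is
# hypothetical and not taken from EOS documentation.
SAMPLE_LOGS = """\
switch1 Aaa: user=netops transport=ssh src=10.10.0.5 cmd=show running-config
switch1 Aaa: user=netops transport=ssh src=10.10.0.5 cmd=configure terminal
switch1 Aaa: user=svc-portal transport=ssh src=198.51.100.77 cmd=captive portal script http://203.0.113.9/portal.sh
switch1 Aaa: user=netops transport=console src=0.0.0.0 cmd=captive portal enable
switch1 Aaa: user=backup transport=ssh src=10.10.0.9 cmd=copy running-config flash:backup.cfg
"""

# Constructed policy inputs for the example.
APPROVED_USERS: Set[str] = {"netops"}
MGMT_NETWORKS: List[str] = ["10.10.0.0/24"]

CMD_LOG_RE = re.compile(
    r"user=(?P<user>\S+)\s+transport=(?P<transport>\S+)\s+src=(?P<src>\S+)\s+cmd=(?P<cmd>.*)$"
)
CAPTIVE_PORTAL_RE = re.compile(r"captive[ -]?portal", re.IGNORECASE)
URL_RE = re.compile(r"\b(?:https?|tftp|ftp)://", re.IGNORECASE)


def audit_captive_portal_changes(
    lines: Iterable[str],
    approved_users: Set[str],
    mgmt_networks: List[str],
) -> List[Dict[str, object]]:
    """Return one finding per captive portal command seen in the log lines.

    The 'reasons' list is empty for a change that matches policy and lists
    each violated expectation otherwise."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = CMD_LOG_RE.search(line)
        if not m or not CAPTIVE_PORTAL_RE.search(m.group("cmd")):
            continue
        user, transport, src, cmd = (m.group(k) for k in ("user", "transport", "src", "cmd"))
        reasons: List[str] = []
        if user not in approved_users:
            reasons.append("user not approved for captive portal changes")
        # Console sessions carry no meaningful source address, so skip the
        # network check for them; everything else must come from management space.
        if transport != "console":
            try:
                addr = ipaddress.ip_address(src)
            except ValueError:
                reasons.append("unparseable source address")
            else:
                if not any(addr in n for n in nets):
                    reasons.append("source outside management network")
        if URL_RE.search(cmd):
            reasons.append("command references an external URL")
        findings.append({"user": user, "src": src, "cmd": cmd, "reasons": reasons})
    return findings


def run_sample() -> List[Dict[str, object]]:
    return audit_captive_portal_changes(SAMPLE_LOGS.splitlines(), APPROVED_USERS, MGMT_NETWORKS)


if __name__ == "__main__":
    for f in run_sample():
        status = "SUSPICIOUS" if f["reasons"] else "ok"
        print(f"{status}: {f['user']} from {f['src']}: {f['cmd']} {f['reasons']}")
```

The split between "every captive portal change is logged" and "only policy violations are alerted on" is deliberate: the full list is the audit trail the workaround section asks for, while the reasons drive the alert.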
