CVE-2024-9133

6.6 MEDIUM

📋 TL;DR

This vulnerability allows administrators to retrieve authentication tokens, potentially enabling privilege escalation or lateral movement. It affects Arista network devices where administrators have access to token retrieval mechanisms.

💻 Affected Systems

Products:
  • Arista EOS
Versions: Specific versions not detailed in advisory; check vendor advisory for exact ranges
Operating Systems: Arista EOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator privileges; affects systems where token retrieval functionality is accessible to admins.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator obtains tokens for other users or services, leading to complete system compromise, data exfiltration, or persistent backdoor access.

🟠 Likely Case

Administrator misuses legitimate access to gather tokens for unauthorized activities, potentially bypassing audit trails or accessing restricted systems.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to authorized administrative actions with full accountability.

🌐 Internet-Facing: MEDIUM - Risk exists if administrative interfaces are exposed, but exploitation requires admin credentials.
🏢 Internal Only: HIGH - Internal administrators can exploit this vulnerability to expand their access beyond intended permissions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator access; complexity is low once admin credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific fixed versions

Vendor Advisory: https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

Restart Required: Yes

Instructions:

1. Review vendor advisory for affected versions.
2. Upgrade to patched version.
3. Restart affected devices.
4. Verify patch application.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit administrative access to only trusted personnel and implement strict access controls.

Implement Token Monitoring

all

Monitor token generation and usage logs for suspicious activities.

🧯 If You Can't Patch

  • Implement strict least-privilege access controls for administrators
  • Enable detailed logging and monitoring of token-related activities

🔍 How to Verify

Check if Vulnerable:

Check whether the device is running an affected Arista EOS version and whether administrators can retrieve authentication tokens through the available interfaces.

Check Version:

show version | include Software image version

Verify Fix Applied:

Verify that the device is running a patched version and confirm that administrators can no longer retrieve tokens they are not authorized to hold.

📡 Detection & Monitoring

Log Indicators:

  • Unusual token retrieval events by administrators
  • Multiple token requests in short timeframes

Network Indicators:

  • Unexpected authentication attempts using retrieved tokens

SIEM Query:

source="arista" AND (event="token_retrieval" OR event="authentication_token")
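The two log indicators above (cross-user token retrieval and bursts of token requests in a short window) can be checked with a small script before the events reach a SIEM. The following is an added example, not code from the advisory or from Arista: the log line format, the field names (admin, subject, src), the 60-second window and the threshold of 3 requests are all assumptions made for this example, and the sample lines are constructed; adapt parse_line() to the actual syslog output of your devices.

```python
# Added example (not from the advisory): detect the two log indicators
# listed above over constructed sample log lines.
# ASSUMPTION: the line format below is invented for this example; real
# Arista EOS log lines differ, so adapt parse_line() to your syslog output.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real device output).
SAMPLE_LOGS = """\
2024-09-25T10:00:01Z switch1 AAA: admin alice retrieved token for user alice src=10.0.0.5
2024-09-25T10:00:05Z switch1 AAA: admin bob retrieved token for user svc-backup src=10.0.0.9
2024-09-25T10:00:06Z switch1 AAA: admin bob retrieved token for user svc-monitor src=10.0.0.9
2024-09-25T10:00:07Z switch1 AAA: admin bob retrieved token for user carol src=10.0.0.9
2024-09-25T10:00:08Z switch1 AAA: admin bob retrieved token for user dave src=10.0.0.9
2024-09-25T10:05:00Z switch1 AAA: admin alice retrieved token for user alice src=10.0.0.5
"""

# Regex for the assumed line format; fields are hypothetical.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) AAA: admin (?P<admin>\S+) retrieved token "
    r"for user (?P<subject>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one token-retrieval log line; return None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(log_text, window_seconds=60, burst_threshold=3):
    """Return alert tuples for the two indicators.

    ("cross_user_token", admin, subject, ts): an admin retrieved a token
        belonging to a different principal.
    ("token_burst", admin, count, ts): the admin's request count within the
        sliding window reached burst_threshold (fires once per crossing).
    """
    alerts = []
    recent = defaultdict(deque)  # admin -> timestamps inside the window
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        # Indicator 1: token retrieved for someone other than the requester.
        if ev["admin"] != ev["subject"]:
            alerts.append(("cross_user_token", ev["admin"], ev["subject"], ev["ts"]))
        # Indicator 2: many token requests from one admin in a short window.
        q = recent[ev["admin"]]
        q.append(ev["ts"])
        while q and (ev["ts"] - q[0]) > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) == burst_threshold:
            alerts.append(("token_burst", ev["admin"], len(q), ev["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample, alice's two self-retrievals five minutes apart raise nothing, while bob's four retrievals for other principals within four seconds raise four cross-user alerts and one burst alert. Tune the window and threshold to the normal rate of token operations in your environment so that routine administrative work does not page anyone.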
