CVE-2024-9134

8.3 HIGH

📋 TL;DR

Multiple SQL injection vulnerabilities in the reporting application allow authenticated users with advanced report access rights to execute arbitrary SQL commands. Successful exploitation can lead to remote command execution on the underlying operating system with elevated privileges. Organizations using the vulnerable reporting application are affected.

💻 Affected Systems

Products:
  • Arista reporting application
Versions: Specific versions not detailed in advisory
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user with advanced report application access rights

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full control of the underlying operating system, leading to data exfiltration, system compromise, and lateral movement within the network.

🟠

Likely Case

Attacker extracts sensitive database information, modifies or deletes data, and potentially escalates to command execution depending on database configuration.

🟢

If Mitigated

Attack limited to SQL data manipulation without OS command execution due to proper database permissions and input validation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access with specific privileges

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in advisory

Vendor Advisory: https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

Restart Required: No

Instructions:

Apply the latest security update from Arista following vendor instructions

🔧 Temporary Workarounds

Restrict advanced report access rights

all

The vulnerable queries are only reachable by a user who holds advanced report application access rights. Until the update is applied, remove that right from every account that does not strictly need it and treat the accounts that keep it as administrator-equivalent, since the advisory's worst case is command execution on the underlying OS.

Principle of least privilege for the database account

all

Run the reporting application's database account with the minimum permissions the reports need: no superuser or file/program execution rights, and read-only access to the report tables where the application allows it. This does not stop the injection itself, but it is what keeps the outcome at "data access" rather than "OS command execution".

Input validation and parameterized queries

all

Parameterized queries and strict validation of report parameters are the proper fix, but that code belongs to the vendor: an operator can apply Arista's update, not rewrite the application's SQL.
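The following Python script is an added example, not Arista's code, of the pattern the workaround above describes: a report filter concatenated into SQL text is abused with a UNION to read rows from an unrelated table, while the parameterized version treats the same input as an ordinary string. The schema, the `sessions` report and the `admin_users` table are assumed for illustration. The `ORDER BY` allowlist covers the one input that parameters cannot bind, the sort column identifier.

```python
"""Vulnerable vs parameterized report query (added example, not Arista's code).

Schema, table names and the 'sessions' report are assumed for illustration.
"""
import sqlite3

# Sort columns a user may pick. Identifiers cannot be bound as parameters,
# so they must be allowlisted rather than escaped.
ALLOWED_SORT_COLUMNS = {"username", "host"}


def make_db():
    """In-memory database with a report table and an unrelated sensitive table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE sessions (id INTEGER PRIMARY KEY, username TEXT, host TEXT);
        CREATE TABLE admin_users (username TEXT, password_hash TEXT);
        INSERT INTO sessions VALUES (1, 'alice', '10.0.0.5'), (2, 'bob', '10.0.0.9');
        INSERT INTO admin_users VALUES ('admin', '$2b$12$examplehash');
        """
    )
    return conn


def report_vulnerable(conn, username):
    """The flawed pattern: the report filter is pasted into the SQL text."""
    sql = "SELECT username, host FROM sessions WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def report_fixed(conn, username, sort_by="username"):
    """Hardened: value bound as a parameter, identifier checked against an allowlist."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % sort_by)
    sql = "SELECT username, host FROM sessions WHERE username = ? ORDER BY " + sort_by
    return conn.execute(sql, (username,)).fetchall()


# A filter value a user with report rights could submit. The leading quote closes
# the string literal, the UNION pulls rows from admin_users, and the trailing
# comment marker swallows the closing quote the template would otherwise add.
PAYLOAD = "' UNION SELECT username, password_hash FROM admin_users --"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", report_vulnerable(conn, PAYLOAD))
    print("fixed:     ", report_fixed(conn, PAYLOAD))
    print("normal:    ", report_fixed(conn, "alice", sort_by="host"))
```

Run with the payload, the vulnerable function returns the admin row from `admin_users` even though the report only names `sessions`; the fixed function returns nothing, because no session has that literal string as a username. The same distinction is what a vendor patch for this class of flaw has to make, so it is also a useful mental model when reading the advisory's "advanced report access rights" precondition: the injection point is a report parameter, not the login form.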

🧯 If You Can't Patch

  • Put a web application firewall with SQL injection rules in front of the reporting application; treat it as a speed bump rather than a fix, since an authenticated user can iterate on encodings until a payload passes
  • Restrict network access to the reporting application to management networks and monitor it for suspicious SQL queries

🔍 How to Verify

Check if Vulnerable:

Compare the installed application version against the vendor advisory; the advisory, not a blind injection test, is the authoritative check. If you do test, do it against a non-production instance with an account that holds advanced report application access rights, because the flaw is only reachable from that role.

Check Version:

Read the application version from the admin interface or configuration files and match it against the versions listed in the advisory.

Verify Fix Applied:

Confirm the updated version is installed, then re-run the same report parameter test that previously produced a SQL error or unexpected rows; a fixed build should return the same result for the malicious input as for a benign value.

📡 Detection & Monitoring

Log Indicators:

  • Report requests whose filter or parameter values contain SQL syntax (a quote followed by OR/AND, UNION SELECT, comment markers such as -- or /*, a second statement after a semicolon)
  • Database syntax errors attributable to the same authenticated report user within a short window; the flaw is post-authentication, so correlate errors with the report user rather than looking only at failed logins
  • A burst of failed login attempts followed by SQL errors from the account that then logs in, which points at a compromised account that holds report rights

Network Indicators:

  • Unusual database connection patterns from the application servers, and in particular outbound connections initiated from the database host, which would fit the SQL-to-OS escalation the advisory warns about
  • SQL traffic with suspicious characters or patterns, where the application-to-database link is not encrypted and can be inspected

SIEM Query:

source="application_logs" AND ("sql" OR "database") AND ("error" OR "injection" OR "syntax")

This query is deliberately broad and will match ordinary application noise; narrow it to the reporting application's log source and group results by the authenticated user so that repeated syntax errors from a single report user stand out.
