CVE-2024-4578 HIGH

CVE-2024-4578: Privilege escalation in Arista Wireless Access Points

Vendor Arista Networks
Product Arista Wireless Access Points
Weakness CWE-77
Published June 27, 2024
Last update August 1, 2024

CVSS base score

8.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.

Key dates

02 Disclosure timeline

June 27, 2024 CVE published
August 1, 2024 Record updated