How severe is CVE-2024-4578?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2024-4578?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2024-4578 - HIGH Severity | CVSS 8.4

Vulnerability Description

This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.

Related Vulnerabilities

CVE-2020-14433

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS...

CWE-772020

CVE-2020-14434

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RB...

CWE-772020

CVE-2020-35777

HIGH

CVSS:8.4(High)

NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.

CWE-772020

CVE-2021-29069

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76.

CWE-772021

CVE-2021-29070

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and...

CWE-772021

CVE-2021-29072

HIGH

CVSS:8.4(High)

CWE-772021