Arista NG Firewall Unauthorized Actions Vulnerability in Reporting Application

Vulnerability

A vulnerability in Arista NG Firewall versions through 17.1.1 allows users who have advanced access to the Reports application to perform unauthorized actions. The underlying weakness is improper isolation or compartmentalization: the reporting application is not sufficiently separated from the rest of the system, so SQL injection flaws in it can be exploited. As a result, an affected user could execute commands on the underlying operating system with elevated privileges.

Impact

Exploitation of this vulnerability could allow a report user to perform unauthorized actions within the application and, from there, gain elevated privileges on the underlying operating system.

Reproduction

To reproduce this vulnerability, log in to the Arista NG Firewall as an administrator and open the Reports application. Confirm that at least one Report User has 'Online Access' enabled. With that in place, the vulnerability can be triggered through actions that are recorded as settings changes for that report user in the 'All Settings Changes' section.

Remediation

To address this vulnerability, disable 'Online Access' for all Report Users. As an administrator, open the Reports application, uncheck the 'Online Access' box for each affected user, and click 'Save'.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          0.3
  impact          5.0
  exploitability  5.2
  remediation     7.9
  relevance       0.0
  threat          1.6
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.