Main Vulnerability Database Vulnerabilities #VU109375

Information disclosure in Arista Edge Threat Management - Arista NG Firewall (NGFW) - CVE-2024-47517

Published: May 17, 2025

Vulnerability identifier: #VU109375

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-47517

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Arista Networks

Affected software:
Arista Edge Threat Management - Arista NG Firewall (NGFW)

Detailed vulnerability description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access.

How to mitigate CVE-2024-47517

Install updates from vendor's website.

Sources

https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105

Information disclosure in Arista Edge Threat Management - Arista NG Firewall (NGFW) - CVE-2024-47517

Detailed vulnerability description

How to mitigate CVE-2024-47517

Sources

Please verify you're human