CVE-2024-12832 is a SQL Injection vulnerability identified in the ReportEntry class of Arista NG Firewall version 17.1.1. The root cause is improper neutralization of special elements in user-supplied input used to construct SQL commands, classified under CWE-89. This flaw allows an authenticated remote attacker to inject malicious SQL code, enabling arbitrary file creation and disclosure of sensitive information stored within the firewall system. The vulnerability can be chained with other security weaknesses to escalate privileges and execute arbitrary code under the www-data user context, which is typically the web server user with limited but significant permissions. The attack vector is network-based, requiring authentication but no additional user interaction, making it relatively easy to exploit once credentials are obtained. The CVSS v3.0 base score is 8.3, reflecting high impact on confidentiality and integrity, with a low impact on availability. The vulnerability was reserved and published by the Zero Day Initiative (ZDI) in December 2024 and currently has no publicly known exploits. The lack of proper input validation in SQL query construction highlights a critical security oversight in the affected software version. No patches are listed yet, so mitigation relies on access controls and monitoring until updates are available.

The vulnerability poses a significant risk to organizations deploying Arista NG Firewall 17.1.1, as it compromises the confidentiality and integrity of sensitive data managed by the firewall. Attackers with valid credentials can exploit the SQL Injection flaw to read sensitive files and create arbitrary files on the system, potentially leading to data leakage and persistence mechanisms for further attacks. The ability to execute arbitrary code as the www-data user can facilitate lateral movement within the network and undermine the firewall's security posture. Although availability impact is low, the breach of confidentiality and integrity can lead to regulatory compliance violations, reputational damage, and operational disruptions. Organizations relying on Arista NG Firewall for perimeter defense or internal segmentation may find their defenses bypassed or manipulated, increasing exposure to broader cyber threats.

1. Immediately restrict access to the Arista NG Firewall management interface to trusted administrators only, using network segmentation and firewall rules. 2. Enforce strong authentication mechanisms and monitor for unusual login activities to prevent credential compromise. 3. Apply the official security patch from Arista as soon as it becomes available; monitor vendor advisories closely. 4. Implement input validation and sanitization at the application level if custom integrations exist. 5. Conduct regular audits of firewall logs and system files to detect signs of exploitation or unauthorized file creation. 6. Use Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) capable of detecting SQL Injection attempts targeting the firewall management interface. 7. Limit the privileges of the www-data user and isolate critical components to reduce the impact of potential code execution. 8. Educate administrators on the risks of SQL Injection and the importance of credential security to reduce risk of exploitation.