Vulnerability-Lookup

WID-SEC-W-2026-0350

Vulnerability from csaf_certbund - Published: 2026-02-09 23:00 - Updated: 2026-06-07 22:00

Summary

Arista NG Firewall: Mehrere Schwachstellen ermöglichen Codeausführung und Cross-Site Scripting

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Arista Next-Generation Firewall ist eine Netzwerksicherheitslösung, die darauf ausgelegt ist, den Netzwerkverkehr zu inspizieren und Bedrohungen zu blockieren.

Angriff: Ein entfernter Administrator kann mehrere Schwachstellen in Arista NG Firewall ausnutzen, um beliebigen Programmcode auszuführen und Cross-Site-Scripting-Angriffe durchzuführen.

Betroffene Betriebssysteme: - Appliance

CVE-2025-6978

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Arista NG Firewall <17.4.0 Arista / NG Firewall		<17.4.0

CVE-2026-25620

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Arista NG Firewall <17.4.0 Arista / NG Firewall		<17.4.0

CVE-2026-25621

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Arista NG Firewall <17.4.0 Arista / NG Firewall		<17.4.0

CVE-2026-25622

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Arista NG Firewall <17.4.0 Arista / NG Firewall		<17.4.0

CVE-2026-25623

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Arista NG Firewall <17.4.0 Arista / NG Firewall		<17.4.0

CVE-2026-25624

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Arista NG Firewall <17.4.0 Arista / NG Firewall		<17.4.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.arista.com/en/support/advisories-noti…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Arista Next-Generation Firewall ist eine Netzwerksicherheitsl\u00f6sung, die darauf ausgelegt ist, den Netzwerkverkehr zu inspizieren und Bedrohungen zu blockieren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Administrator kann mehrere Schwachstellen in Arista NG Firewall ausnutzen, um beliebigen Programmcode auszuf\u00fchren und Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0350 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0350.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0350 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0350"
      },
      {
        "category": "external",
        "summary": "Arista Security Advisory 0133 vom 2026-02-03",
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133"
      }
    ],
    "source_lang": "en-US",
    "title": "Arista NG Firewall: Mehrere Schwachstellen erm\u00f6glichen Codeausf\u00fchrung und Cross-Site Scripting",
    "tracking": {
      "current_release_date": "2026-06-07T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-08T09:27:36.789+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-0350",
      "initial_release_date": "2026-02-09T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-09T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-06-07T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-34909, EUVD-2026-34907, EUVD-2026-34905, EUVD-2026-34903, EUVD-2026-34911"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c17.4.0",
                "product": {
                  "name": "Arista NG Firewall \u003c17.4.0",
                  "product_id": "T050637"
                }
              },
              {
                "category": "product_version",
                "name": "17.4.0",
                "product": {
                  "name": "Arista NG Firewall 17.4.0",
                  "product_id": "T050637-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:arista:ng_firewall:17.4.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NG Firewall"
          }
        ],
        "category": "vendor",
        "name": "Arista"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-6978",
      "product_status": {
        "known_affected": [
          "T050637"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2025-6978"
    },
    {
      "cve": "CVE-2026-25620",
      "product_status": {
        "known_affected": [
          "T050637"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2026-25620"
    },
    {
      "cve": "CVE-2026-25621",
      "product_status": {
        "known_affected": [
          "T050637"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2026-25621"
    },
    {
      "cve": "CVE-2026-25622",
      "product_status": {
        "known_affected": [
          "T050637"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2026-25622"
    },
    {
      "cve": "CVE-2026-25623",
      "product_status": {
        "known_affected": [
          "T050637"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2026-25623"
    },
    {
      "cve": "CVE-2026-25624",
      "product_status": {
        "known_affected": [
          "T050637"
        ]
      },
      "release_date": "2026-02-09T23:00:00.000+00:00",
      "title": "CVE-2026-25624"
    }
  ]
}

CVE-2025-6978 (GCVE-0-2025-6978)

Vulnerability from cvelistv5 – Published: 2025-10-23 18:50 – Updated: 2025-10-23 18:58

Title

Diagnostics command injection vulnerability

Summary

Diagnostics command injection vulnerability

Severity

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

Arista

References

1 reference

URL	Tags
https://https://www.arista.com/en/support/advisor…

Impacted products

1 product

Vendor	Product	Version
Arista Networks	Arista Edge Threat Management - Arista Next Generation Firewall	Affected: 0.0 , ≤ 17.3.1 (custom)

Date Public

2025-10-21 15:00

Credits

Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6978

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-23T18:58:35.986380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-23T18:58:45.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Arista Edge Threat Management - Arista Next Generation Firewall",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "17.3.1",
              "status": "affected",
              "version": "0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch4\u003e\u003c/h4\u003e\u003ch4\u003eCVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerability\u003c/h4\u003e\u003cp\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eA successful attack requires administrative access to the NGFW UI.\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerabilityRequired Configuration for Exploitation\n\n  *  A successful attack requires administrative access to the NGFW UI."
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:arista_networks:arista_edge_threat_management_-_arista_next_generation_firewall:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "17.3.1",
                  "versionStartIncluding": "0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6978"
        }
      ],
      "datePublic": "2025-10-21T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDiagnostics command injection vulnerability\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Diagnostics command injection vulnerability"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-23T18:50:14.706Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to the version indicated below at your earliest convenience.\u003c/p\u003e\u003cul\u003e\u003cli\u003e17.4 Upgrade\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to the version indicated below at your earliest convenience.\n\n  *  17.4 Upgrade"
        }
      ],
      "source": {
        "advisory": "123",
        "defect": [
          "NGFW-15195"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Diagnostics command injection vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch4\u003e\u003c/h4\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDo not allow non-authorized administrative access or access to the administrative browser.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Do not allow non-authorized administrative access or access to the administrative browser."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2025-6978",
    "datePublished": "2025-10-23T18:50:14.706Z",
    "dateReserved": "2025-07-01T16:52:56.316Z",
    "dateUpdated": "2025-10-23T18:58:45.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2026-25620 (GCVE-0-2026-25620)

Vulnerability from cvelistv5 – Published: 2026-06-05 19:26 – Updated: 2026-06-05 20:23

Title

Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection

Summary

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

Severity

6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

Arista

References

1 reference

URL	Tags
https://www.arista.com/en/support/advisories-noti…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Arista Networks	Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)	Affected: 17.4.0 (custom)

Date Public

2026-02-03 00:00

Credits

Jon Williams & Ronan Kervella from Bishop Fox

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25620",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:23:23.730510Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:23:31.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
          ],
          "product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
          "vendor": "Arista Networks",
          "versions": [
            {
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn order to be vulnerable, the following cumulative conditions must be satisfied:\u003c/p\u003e\u003col\u003e\u003cli\u003eAn NGFW system running exactly version 17.4.0.\u003c/li\u003e\u003cli\u003eThe system administrator must navigate to the Captive Portal application interface.\u003c/li\u003e\u003cli\u003eThe Captive Portal application must be actively installed and enabled.\u003c/li\u003e\u003cli\u003eCaptive Portal Basic Login validation control must be enabled.\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "In order to be vulnerable, the following cumulative conditions must be satisfied:\n\n  *  An NGFW system running exactly version 17.4.0.\n  *  The system administrator must navigate to the Captive Portal application interface.\n  *  The Captive Portal application must be actively installed and enabled.\n  *  Captive Portal Basic Login validation control must be enabled."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
        }
      ],
      "datePublic": "2026-02-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.\u003c/p\u003e"
            }
          ],
          "value": "An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T19:26:36.797Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22867-security-advisory-0133"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
        }
      ],
      "source": {
        "advisory": "0133",
        "defect": [
          "NGFW-15493"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIf managing an active NGFW 17.4.0 deployment, disable the Captive Portal Basic Login configuration profile parameter.\u003c/p\u003e"
            }
          ],
          "value": "If managing an active NGFW 17.4.0 deployment, disable the Captive Portal Basic Login configuration profile parameter."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2026-25620",
    "datePublished": "2026-06-05T19:26:36.797Z",
    "dateReserved": "2026-02-03T22:23:04.359Z",
    "dateUpdated": "2026-06-05T20:23:31.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25621 (GCVE-0-2026-25621)

Vulnerability from cvelistv5 – Published: 2026-06-05 19:28 – Updated: 2026-06-05 20:26

Title

Arista Edge Threat Management NGFW Reports Application Insecure Input Validation

Summary

A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

Severity

6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

Arista

References

1 reference

URL	Tags
https://www.arista.com/en/support/advisories-noti…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Arista Networks	Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)	Affected: 17.4.0 (custom)

Date Public

2026-02-03 00:00

Credits

Jon Williams & Ronan Kervella from Bishop Fox

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25621",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:26:29.068961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:26:36.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
          ],
          "product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
          "vendor": "Arista Networks",
          "versions": [
            {
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn order to be vulnerable, the following cumulative conditions must be satisfied:\u003c/p\u003e\u003col\u003e\u003cli\u003eAn NGFW system running exactly version 17.4.0.\u003c/li\u003e\u003cli\u003eSuccessful administrative interface access authentication privileges verified.\u003c/li\u003e\u003cli\u003eNavigation to the Reports application dashboard under the Data subsystem.\u003c/li\u003e\u003cli\u003eProcessing an upload interaction within the Import/Restore Data Backup Files field utilizing a specially crafted malicious input file.\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "In order to be vulnerable, the following cumulative conditions must be satisfied:\n\n  *  An NGFW system running exactly version 17.4.0.\n  *  Successful administrative interface access authentication privileges verified.\n  *  Navigation to the Reports application dashboard under the Data subsystem.\n  *  Processing an upload interaction within the Import/Restore Data Backup Files field utilizing a specially crafted malicious input file."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
        }
      ],
      "datePublic": "2026-02-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.\u003c/p\u003e"
            }
          ],
          "value": "A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T19:28:13.886Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
        }
      ],
      "source": {
        "advisory": "0133",
        "defect": [
          "NGFW-15491"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Arista Edge Threat Management NGFW Reports Application Insecure Input Validation",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePer operational best practice security models, do not allow unauthorized administrative access to the administrative browser.\u003c/p\u003e"
            }
          ],
          "value": "Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2026-25621",
    "datePublished": "2026-06-05T19:28:13.886Z",
    "dateReserved": "2026-02-03T22:23:04.359Z",
    "dateUpdated": "2026-06-05T20:26:36.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25622 (GCVE-0-2026-25622)

Vulnerability from cvelistv5 – Published: 2026-06-05 19:29 – Updated: 2026-06-05 20:26

Title

Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection

Summary

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.

Severity

6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

Arista

References

1 reference

URL	Tags
https://www.arista.com/en/support/advisories-noti…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Arista Networks	Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)	Affected: 0 , ≤ 17.4.0 (custom)

Date Public

2026-02-03 00:00

Credits

Jon Williams & Ronan Kervella from Bishop Fox

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:26:51.450858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:26:59.005Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
          ],
          "product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "17.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA successful attack requires authenticated administrative interface access rights over the targeted NGFW UI deployment endpoint.\u003c/p\u003e"
            }
          ],
          "value": "A successful attack requires authenticated administrative interface access rights over the targeted NGFW UI deployment endpoint."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
        }
      ],
      "datePublic": "2026-02-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.\u003c/p\u003e"
            }
          ],
          "value": "A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T19:29:57.126Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
        }
      ],
      "source": {
        "advisory": "0133",
        "defect": [
          "NGFW-15494"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePer operational best practice security models, do not allow unauthorized administrative access to the administrative browser.\u003c/p\u003e"
            }
          ],
          "value": "Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2026-25622",
    "datePublished": "2026-06-05T19:29:57.126Z",
    "dateReserved": "2026-02-03T22:23:04.359Z",
    "dateUpdated": "2026-06-05T20:26:59.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25623 (GCVE-0-2026-25623)

Vulnerability from cvelistv5 – Published: 2026-06-05 19:31 – Updated: 2026-06-05 20:27

Title

Arista Edge Threat Management NGFW UI Arbitrary Command Execution

Summary

An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.

Severity

6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

Arista

References

1 reference

URL	Tags
https://www.arista.com/en/support/advisories-noti…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Arista Networks	Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)	Affected: 0 , ≤ 17.4.0 (custom)

Date Public

2026-02-03 00:00

Credits

Jon Williams & Ronan Kervella from Bishop Fox

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25623",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:27:12.326159Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:27:23.391Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
          ],
          "product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "17.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA successful attack requires high-privileged authenticated management interface configuration access to the NGFW web platform.\u003c/p\u003e"
            }
          ],
          "value": "A successful attack requires high-privileged authenticated management interface configuration access to the NGFW web platform."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
        }
      ],
      "datePublic": "2026-02-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.\u003c/p\u003e"
            }
          ],
          "value": "An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88 OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T19:31:49.749Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
        }
      ],
      "source": {
        "advisory": "0133",
        "defect": [
          "NGFW-15490"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Arista Edge Threat Management NGFW UI Arbitrary Command Execution",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePer operational best practice security models, do not allow unauthorized administrative access to the administrative browser.\u003c/p\u003e"
            }
          ],
          "value": "Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2026-25623",
    "datePublished": "2026-06-05T19:31:49.749Z",
    "dateReserved": "2026-02-03T22:23:04.359Z",
    "dateUpdated": "2026-06-05T20:27:23.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25624 (GCVE-0-2026-25624)

Vulnerability from cvelistv5 – Published: 2026-06-05 19:34 – Updated: 2026-06-05 20:28

Title

Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting

Summary

An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.

Severity

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

5.8 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-Site Scripting')

Assigner

Arista

References

1 reference

URL	Tags
https://www.arista.com/en/support/advisories-noti…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Arista Networks	Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)	Affected: 0 , ≤ 17.4.0 (custom)

Date Public

2026-02-03 00:00

Credits

Jon Williams & Ronan Kervella from Bishop Fox

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25624",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T20:27:35.700216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T20:28:03.806Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
          ],
          "product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "17.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA successful attack requires administrative privileges to target UI entry forms and relies on session interaction parsing from a secondary administrator browser window.\u003c/p\u003e"
            }
          ],
          "value": "A successful attack requires administrative privileges to target UI entry forms and relies on session interaction parsing from a secondary administrator browser window."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
        }
      ],
      "datePublic": "2026-02-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.\u003c/p\u003e"
            }
          ],
          "value": "An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-Site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T19:34:37.618Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
        }
      ],
      "source": {
        "advisory": "0133",
        "defect": [
          "NGFW-15492"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePer operational best practice security models, do not allow unauthorized administrative access to the administrative browser.\u003c/p\u003e"
            }
          ],
          "value": "Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2026-25624",
    "datePublished": "2026-06-05T19:34:37.618Z",
    "dateReserved": "2026-02-03T22:23:04.359Z",
    "dateUpdated": "2026-06-05T20:28:03.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0350

CVE-2025-6978 (GCVE-0-2025-6978)

CVE-2026-25620 (GCVE-0-2026-25620)

CVE-2026-25621 (GCVE-0-2026-25621)

CVE-2026-25622 (GCVE-0-2026-25622)

CVE-2026-25623 (GCVE-0-2026-25623)

CVE-2026-25624 (GCVE-0-2026-25624)

Tags

Sightings

Nomenclature