The administrator is able to configure an insecure captive portal script
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HArista Ng Firewall
APPArista≤ 17.1.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Powiązane podatności
CVE-2025-2767CRITICAL9.6PL ✓ten sam produkt
Arista NG Firewall: XSS w nagłówku User-Agent prowadzący do RCE
CVE-2026-25622HIGH7.0ten sam produkt
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Aris...
CVE-2026-25621HIGH7.0ten sam produkt
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Gener...
CVE-2026-25620HIGH7.0ten sam produkt
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Ar...
CVE-2026-25623HIGH7.0ten sam produkt
An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge T...