HIGH✓ PATCH🇬🇧 English

CVE-2026-25622

CVSS 7.0v4.0pub. 2026-06-05upd. 2026-06-08

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X
  • Arista Ng Firewall

    APP
    Arista
    < 17.4.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
FirewallCommand Injection
CWE
Referencje

Powiązane podatności

CVE-2025-2767CRITICAL9.6PL ✓ten sam produkt

Arista NG Firewall: XSS w nagłówku User-Agent prowadzący do RCE

CVE-2026-25623HIGH7.0ten sam produkt

An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge T...

CVE-2026-25621HIGH7.0ten sam produkt

A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Gener...

CVE-2026-25620HIGH7.0ten sam produkt

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Ar...

CVE-2024-9132HIGH8.1ten sam produkt

The administrator is able to configure an insecure captive portal script