HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2026-25622

CVSS 7.0v4.0pub. 2026-06-05upd. 2026-06-08

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X
  • Arista Ng Firewall

    APP
    Arista
    < 17.4.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
FirewallCommand Injection
CWE
References

Related vulnerabilities

CVE-2025-2767CRITICAL9.6PL ✓ten sam produkt

Arista NG Firewall: XSS w nagłówku User-Agent prowadzący do RCE

CVE-2026-25623HIGH7.0ten sam produkt

An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge T...

CVE-2026-25621HIGH7.0ten sam produkt

A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Gener...

CVE-2026-25620HIGH7.0ten sam produkt

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Ar...

CVE-2024-9132HIGH8.1ten sam produkt

The administrator is able to configure an insecure captive portal script