7
CVE-2026-25622
- EPSS 9.88%
- Veröffentlicht 05.06.2026 19:29:57
- Zuletzt bearbeitet 08.06.2026 19:10:56
- Quelle psirt@arista.com
- CVE-Watchlists
- Unerledigt
Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arista ≫ Ng Firewall Version < 17.4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.88% | 0.95 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@arista.com | 7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X
|
| psirt@arista.com | 6 | 1.2 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133