CVE-2026-25624
- EPSS 0.15%
- Veröffentlicht 05.06.2026 19:34:37
- Zuletzt bearbeitet 08.06.2026 19:08:16
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrat...
- EPSS 5.95%
- Veröffentlicht 05.06.2026 19:31:49
- Zuletzt bearbeitet 08.06.2026 19:10:25
An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying term...
- EPSS 9.88%
- Veröffentlicht 05.06.2026 19:29:57
- Zuletzt bearbeitet 08.06.2026 19:10:56
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input h...
- EPSS 0.22%
- Veröffentlicht 05.06.2026 19:28:13
- Zuletzt bearbeitet 08.06.2026 19:13:54
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not expose...
- EPSS 9.88%
- Veröffentlicht 05.06.2026 19:26:36
- Zuletzt bearbeitet 08.06.2026 19:15:23
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases ...
CVE-2025-2767
- EPSS 0.5%
- Veröffentlicht 23.04.2025 16:51:13
- Zuletzt bearbeitet 14.08.2025 14:40:30
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to expl...
CVE-2024-9188
- EPSS 0.47%
- Veröffentlicht 10.01.2025 22:15:27
- Zuletzt bearbeitet 29.09.2025 12:16:29
Specially constructed queries cause cross platform scripting leaking administrator tokens
CVE-2024-9134
- EPSS 0.6%
- Veröffentlicht 10.01.2025 22:15:27
- Zuletzt bearbeitet 18.12.2025 15:05:22
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privil...
CVE-2024-9132
- EPSS 0.66%
- Veröffentlicht 10.01.2025 22:15:26
- Zuletzt bearbeitet 29.09.2025 12:34:31
The administrator is able to configure an insecure captive portal script
CVE-2024-9133
- EPSS 0.16%
- Veröffentlicht 10.01.2025 22:15:26
- Zuletzt bearbeitet 29.09.2025 12:35:15
A user with administrator privileges is able to retrieve authentication tokens