CVE-2026-25620
Awaiting Analysis
Awaiting Analysis - Queue
Encrypted Password Command Injection in Arista Next Generation Firewall
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: Arista Networks, Inc.
Description
Description
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arista | edge_threat_management | 17.4.0 |
| arista | edge_threat_management | to 17.4.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an encrypted password command injection issue found in the Captive Portal application framework of the Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). It specifically affects version 17.4.0 of the software, while earlier versions are not vulnerable.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized command execution due to the injection flaw, potentially allowing an attacker with high privileges to compromise the confidentiality, integrity, and availability of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70