Shodan
Vulnerabilities
Vulnerable Software
Arista:  >> Ng Firewall  >> 16.4.1  Security Vulnerabilities
CVE-2026-25624
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.
CVSS Score
5.8
EPSS Score
0.0
Published
2026-06-05
CVE-2026-25622
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.
CVSS Score
7.0
EPSS Score
0.001
Published
2026-06-05
CVE-2026-25623
An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.
CVSS Score
7.0
EPSS Score
0.001
Published
2026-06-05
CVE-2024-9134
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
CVSS Score
8.3
EPSS Score
0.002
Published
2025-01-10
CVE-2024-9188
Specially constructed queries cause cross platform scripting leaking administrator tokens
CVSS Score
8.8
EPSS Score
0.008
Published
2025-01-10
CVE-2024-47518
Specially constructed queries targeting ETM could discover active remote access sessions
CVSS Score
6.4
EPSS Score
0.001
Published
2025-01-10
CVE-2024-47519
Backup uploads to ETM subject to man-in-the-middle interception
CVSS Score
8.3
EPSS Score
0.001
Published
2025-01-10
CVE-2024-47520
A user with advanced report application access rights can perform actions for which they are not authorized
CVSS Score
7.6
EPSS Score
0.002
Published
2025-01-10
CVE-2024-9131
A user with administrator privileges can perform command injection
CVSS Score
7.2
EPSS Score
0.004
Published
2025-01-10
CVE-2024-9132
The administrator is able to configure an insecure captive portal script
CVSS Score
8.1
EPSS Score
0.008
Published
2025-01-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved