Arista: >> Ng Firewall >> 17.1.1 Security Vulnerabilities
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability.
The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-04-23
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
CVSS Score
8.3
EPSS Score
0.006
Published
2025-01-10
Specially constructed queries cause cross platform scripting leaking administrator tokens
CVSS Score
8.8
EPSS Score
0.003
Published
2025-01-10
Specially constructed queries targeting ETM could discover active remote access sessions
CVSS Score
6.4
EPSS Score
0.001
Published
2025-01-10
Backup uploads to ETM subject to man-in-the-middle interception
CVSS Score
8.3
EPSS Score
0.001
Published
2025-01-10
A user with advanced report application access rights can perform actions for which they are not authorized
CVSS Score
7.6
EPSS Score
0.002
Published
2025-01-10
A user with administrator privileges can perform command injection
CVSS Score
7.2
EPSS Score
0.006
Published
2025-01-10
The administrator is able to configure an insecure captive portal script
CVSS Score
8.1
EPSS Score
0.004
Published
2025-01-10
A user with administrator privileges is able to retrieve authentication tokens
CVSS Score
6.6
EPSS Score
0.0
Published
2025-01-10
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
CVSS Score
6.8
EPSS Score
0.001
Published
2025-01-10
Page 1