Description
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.
Published: 2026-06-05
Score: 7 High
EPSS: 10.2% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a command injection flaw in the Captive Portal Custom Handler of Arista Edge Threat Management NGFW. An administrative user logged into the web interface can supply input that is executed as shell commands on the platform. The flaw is identified as CWE-78 and allows attackers to run arbitrary commands, leading to full control over the firewall appliance. Compromise of this system would disclose sensitive network topology and could allow lateral movement or service disruption.

Affected Systems

Affected systems are Arista Networks' Arista Edge Threat Management – Arista Next Generation Firewall. Versions prior to NGFW 17.4.1 are impacted. The official advisory does not list all affected build numbers, but it recommends upgrading to version 17.4.1 to remediate the flaw.

Risk and Exploitability

The CVSS score of 7.0 indicates high severity, with the impact reachable only by an attacker who has administrative access. The EPSS score is 10%, but the advisory does not indicate active exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to access the administrative browser with legitimate credentials and then exploit the input handling to inject commands. Without administrative access or a valid session the attack vector is limited, so the intrinsic exploitability is moderate.

Generated by OpenCVE AI on June 18, 2026 at 07:23 UTC.

Remediation

Vendor Solution

The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.


Vendor Workaround

Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser.


OpenCVE Recommended Actions

  • Upgrade the NGFW to version 17.4.1 or later.
  • Restrict administrative access to the admin browser to trusted personnel only, following operational best practice.
  • Disable or remove the custom captive portal handler if not needed and enforce input validation on all administrative interfaces.



Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Arista ng Firewall |
| CPEs | | cpe:2.3:a:arista:ng_firewall:*:*:*:*:*:*:*:* |
| Vendors & Products | | Arista ng Firewall |

Sun, 07 Jun 2026 11:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Arista, Arista edge Threat Management |
| Vendors & Products | | Arista, Arista edge Threat Management |

Fri, 05 Jun 2026 21:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 05 Jun 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands. |
| Title | | Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection |
| Weaknesses | | CWE-78 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L'} |
| Metrics | | cvssV4_0: {'score': 7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P'} |


Subscriptions

Arista Edge Threat Management Ng Firewall
MITRE

Status: PUBLISHED

Assigner: Arista

Published:

Updated: 2026-06-05T20:26:59.005Z

Reserved: 2026-02-03T22:23:04.359Z

Link: CVE-2026-25622

Vulnrichment

Updated: 2026-06-05T20:26:55.753Z

NVD

Status: Analyzed

Published: 2026-06-05T20:17:30.820

Modified: 2026-06-08T19:10:56.303

Link: CVE-2026-25622

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T07:30:05Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')