CVE-2026-25620 (GCVE-0-2026-25620)
Vulnerability from cvelistv5
Published
2026-06-05 19:26
Modified
2026-06-05 20:23
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
7.0 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P
7.0 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) |
Version: 17.4.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:23:23.730510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:23:31.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
],
"product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable, the following cumulative conditions must be satisfied:\u003c/p\u003e\u003col\u003e\u003cli\u003eAn NGFW system running exactly version 17.4.0.\u003c/li\u003e\u003cli\u003eThe system administrator must navigate to the Captive Portal application interface.\u003c/li\u003e\u003cli\u003eThe Captive Portal application must be actively installed and enabled.\u003c/li\u003e\u003cli\u003eCaptive Portal Basic Login validation control must be enabled.\u003c/li\u003e\u003c/ol\u003e"
}
],
"value": "In order to be vulnerable, the following cumulative conditions must be satisfied:\n\n * An NGFW system running exactly version 17.4.0.\n * The system administrator must navigate to the Captive Portal application interface.\n * The Captive Portal application must be actively installed and enabled.\n * Captive Portal Basic Login validation control must be enabled."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
}
],
"datePublic": "2026-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.\u003c/p\u003e"
}
],
"value": "An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T19:26:36.797Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22867-security-advisory-0133"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
}
],
"value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
}
],
"source": {
"advisory": "0133",
"defect": [
"NGFW-15493"
],
"discovery": "EXTERNAL"
},
"title": "Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf managing an active NGFW 17.4.0 deployment, disable the Captive Portal Basic Login configuration profile parameter.\u003c/p\u003e"
}
],
"value": "If managing an active NGFW 17.4.0 deployment, disable the Captive Portal Basic Login configuration profile parameter."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2026-25620",
"datePublished": "2026-06-05T19:26:36.797Z",
"dateReserved": "2026-02-03T22:23:04.359Z",
"dateUpdated": "2026-06-05T20:23:31.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25620\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-05T20:23:23.730510Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-05T20:23:28.256Z\"}}], \"cna\": {\"title\": \"Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection\", \"source\": {\"defect\": [\"NGFW-15493\"], \"advisory\": \"0133\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jon Williams \u0026 Ronan Kervella from Bishop Fox\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"PRESENT\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Arista Networks\", \"product\": \"Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.4.0\", \"versionType\": \"custom\"}], \"platforms\": [\"Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e\", \"base64\": false}]}], \"datePublic\": \"2026-02-03T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisory/22867-security-advisory-0133\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"If managing an active NGFW 17.4.0 deployment, disable the Captive Portal Basic Login configuration profile parameter.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIf managing an active NGFW 17.4.0 deployment, disable the Captive Portal Basic Login configuration profile parameter.\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAn encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"In order to be vulnerable, the following cumulative conditions must be satisfied:\\n\\n * An NGFW system running exactly version 17.4.0.\\n * The system administrator must navigate to the Captive Portal application interface.\\n * The Captive Portal application must be actively installed and enabled.\\n * Captive Portal Basic Login validation control must be enabled.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn order to be vulnerable, the following cumulative conditions must be satisfied:\u003c/p\u003e\u003col\u003e\u003cli\u003eAn NGFW system running exactly version 17.4.0.\u003c/li\u003e\u003cli\u003eThe system administrator must navigate to the Captive Portal application interface.\u003c/li\u003e\u003cli\u003eThe Captive Portal application must be actively installed and enabled.\u003c/li\u003e\u003cli\u003eCaptive Portal Basic Login validation control must be enabled.\u003c/li\u003e\u003c/ol\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"shortName\": \"Arista\", \"dateUpdated\": \"2026-06-05T19:26:36.797Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25620\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-05T20:23:31.151Z\", \"dateReserved\": \"2026-02-03T22:23:04.359Z\", \"assignerOrgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"datePublished\": \"2026-06-05T19:26:36.797Z\", \"assignerShortName\": \"Arista\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…