CVE-2026-25620 PUBLISHED

Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection

Assigner: Arista
Reserved: 03.02.2026
Published: 05.06.2026
Updated: 05.06.2026

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue affects only version 17.4.0; earlier software releases are not exposed.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P
CVSS Score: 7

Product Status

Vendor: Arista Networks
Product: Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)
Versions (default: unaffected):
  • Version 17.4.0 is affected

Affected Configurations

A system is vulnerable only when all of the following conditions are satisfied together:

  • An NGFW system running exactly version 17.4.0.
  • The system administrator must navigate to the Captive Portal application interface.
  • The Captive Portal application must be actively installed and enabled.
  • Captive Portal Basic Login validation control must be enabled.

Workarounds

If you manage an active NGFW 17.4.0 deployment, disable the Captive Portal Basic Login configuration profile parameter until the system can be upgraded.

Solutions

The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.

Credits

  • Finder: Jon Williams & Ronan Kervella, Bishop Fox

Problem Types

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impacts

  • CAPEC-88: OS Command Injection