SB20260415109 - Multiple vulnerabilities in Arista NGFW
Published: April 15, 2026
Description
This security bulletin contains information about 6 security vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2025-6978)
The vulnerability allows a remote privileged user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the implementation of the runTroubleshooting method. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) OS Command Injection (CVE-ID: CVE-2026-25620)
The vulnerability allows a remote privileged user to execute arbitrary commands.
The vulnerability exists due to command injection in the encrypted password handling functionality of the Captive Portal application when processing crafted input in the NGFW user interface. A remote privileged user can submit crafted input to execute arbitrary commands.
Only systems with the Captive Portal application installed and enabled, and with Captive Portal Basic Login enabled, are vulnerable.
3) OS Command Injection (CVE-ID: CVE-2026-25621)
The vulnerability allows a remote privileged user to execute arbitrary commands.
The vulnerability exists due to improper input validation in the Reports application when importing or restoring a crafted SQL file through the Data tab. A remote privileged user can supply a specially crafted SQL file to execute arbitrary commands.
Exploitation requires use of the Import/Restore Data Backup Files field in the Reports application.
4) OS Command Injection (CVE-ID: CVE-2026-25622)
The vulnerability allows a remote privileged user to execute arbitrary commands.
The vulnerability exists due to command injection in the Captive Portal Custom Handler when handling crafted input in the NGFW user interface. A remote privileged user can submit crafted input to execute arbitrary commands.
Exploitation requires access to an administrative account logged into the NGFW user interface.
5) OS Command Injection (CVE-ID: CVE-2026-25623)
The vulnerability allows a remote privileged user to execute arbitrary commands.
The vulnerability exists due to command injection in an unspecified command execution functionality when handling crafted input in the NGFW user interface. A remote privileged user can submit crafted input to execute arbitrary commands.
Exploitation requires access to an administrative account logged into the NGFW user interface.
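The five command-injection findings above (items 1 to 5) share one root cause: text entered by a privileged user in the NGFW user interface reaches an operating-system shell without adequate validation. The following Python model is added here as an illustration of that pattern and its fix; it is not Arista's code and does not reflect how the product is implemented. The function names, the tool allowlist and the ping/traceroute arguments are assumptions chosen for the example.

```python
"""Model of a 'run troubleshooting' style endpoint (added example, not
Arista's code): the vulnerable shell-string pattern next to a hardened
argv + allowlist version. All names and the tool set are assumptions."""
import ipaddress
import re
import subprocess

# Constructed allowlist: the only tools the endpoint is permitted to run,
# each with fixed arguments. Nothing from the request is spliced in here.
ALLOWED_TOOLS = {
    "ping": ["ping", "-c", "3"],
    "traceroute": ["traceroute", "-m", "10"],
}

# RFC 1123 hostname: dot-separated labels of 1-63 alphanumerics/hyphens,
# no leading or trailing hyphen (which also blocks option-like "-c" input).
_HOSTNAME_RE = re.compile(
    r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?"
)


def build_shell_command_unsafe(tool: str, target: str) -> str:
    """Vulnerable pattern: the administrator-supplied target is concatenated
    into one string that will be handed to /bin/sh. Shell metacharacters
    (';', '|', '$(...)', backticks) become additional commands."""
    return f"{tool} {target}"


def run_troubleshooting_unsafe(tool: str, target: str) -> subprocess.CompletedProcess:
    """shell=True passes the string to the shell, so a target such as
    '8.8.8.8; id' runs `id` with the privileges of the UI backend."""
    return subprocess.run(
        build_shell_command_unsafe(tool, target),
        shell=True, capture_output=True, text=True, timeout=30,
    )


def validate_target(target: str) -> str:
    """Accept only an IP address or a syntactically valid hostname.
    Anything else (spaces, ';', '$', quotes, leading '-') is rejected."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if len(target) <= 253 and _HOSTNAME_RE.fullmatch(target):
        return target
    raise ValueError(f"invalid target: {target!r}")


def build_argv_hardened(tool: str, target: str) -> list:
    """Hardened pattern: the tool must be in the allowlist and the target
    must pass validation; the result is an argv list, never a shell string."""
    if tool not in ALLOWED_TOOLS:
        raise ValueError(f"tool not permitted: {tool!r}")
    return ALLOWED_TOOLS[tool] + [validate_target(target)]


def is_acceptable(tool: str, target: str) -> bool:
    """True if the hardened endpoint would run this request at all."""
    try:
        build_argv_hardened(tool, target)
        return True
    except ValueError:
        return False


def run_troubleshooting_hardened(tool: str, target: str) -> subprocess.CompletedProcess:
    """No shell is involved: each argv element reaches the tool as one
    argument, so metacharacters in the target have no special meaning."""
    return subprocess.run(
        build_argv_hardened(tool, target),
        shell=False, capture_output=True, text=True, timeout=30,
    )


if __name__ == "__main__":
    payload = "8.8.8.8; echo INJECTED"
    # Using 'echo' as the tool keeps the demonstration harmless and offline.
    print(run_troubleshooting_unsafe("echo", payload).stdout)   # second line: INJECTED
    print(is_acceptable("ping", payload))                       # False
    print(build_argv_hardened("ping", "8.8.8.8"))               # ['ping', '-c', '3', '8.8.8.8']
```

The hardened version applies the two checks a reviewer would look for in any of the affected code paths: the executable is chosen from a fixed table rather than from the request, and the single user-controlled value is validated against a strict grammar before being passed as one argv element with no shell in between. Escaping the string for the shell instead of avoiding the shell is a weaker fix and is easy to get wrong.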
6) Stored cross-site scripting (CVE-ID: CVE-2026-25624)
The vulnerability allows a remote privileged user to execute arbitrary script in the administrator's browser.
The vulnerability exists due to insufficient sanitization of crafted content rendered in an administrative page of the NGFW user interface. A remote privileged user can store crafted script that executes in the browser of any administrator who later views the affected page.
Remediation
Install the update from the vendor's website.