
Arista NGFW CVE-2026-25624

EUVD-2026-34911 · MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-05 · psirt@arista.com · GHSA-5h7h-rxr9-2ccv
Score: 5.8 (CVSS 4.0 · NVD)

Severity by source

NVD (primary): 5.8 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Passive
Scope: Not defined

Lifecycle Timeline

1. Analysis generated: Jun 05, 2026 - 21:02 (vuln.today)

Description (CVE.org)

An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.

Analysis (AI)

Cross-site scripting in the Arista Edge Threat Management Next Generation Firewall web UI dashboard allows a high-privileged attacker to inject unvalidated input that is reflected back into administrative profiles, enabling script execution in the context of other administrative sessions. The vulnerability carries a CVSS 4.0 score of 5.8 (Medium), with confidentiality impact rated High on the vulnerable system - consistent with session token or credential harvesting from targeted admin accounts. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain high-privilege admin credentials
Delivery: Authenticate to NGFW web UI
Exploit: Inject XSS payload into dashboard layout field
Execution: Victim admin passively browses dashboard
Persist: Payload executes in victim browser
Impact: Exfiltrate admin session token

Vulnerability Assessment (AI)

Exploitation: The attacker must hold high administrative privileges (PR:H per CVSS vector) on the Arista ETM-NGFW web interface; anonymous or low-privileged access is insufficient to inject payloads into the dashboard layout. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 score of 5.8 (Medium) reflects a constrained attack path: PR:H requires the attacker to already hold high administrative privileges on the NGFW platform, and AT:P signals that additional attack requirements must be met beyond basic network access. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker who has obtained high-level administrative credentials to the Arista NGFW management interface (through credential theft, insider access, or a prior compromise) injects a malicious JavaScript payload into a user-controlled field within the dashboard layout configuration. When a second administrative user passively browses the affected dashboard page in the normal course of operations, the payload executes in their browser session, allowing the attacker to exfiltrate the victim's session token, capture keystrokes, or perform authenticated actions on their behalf. …

Remediation: The primary remediation action is to consult and apply guidance from the Arista PSIRT security advisory published at https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133. … Detailed patch versions, workarounds, and compensating controls in full report.
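The exploit scenario above is the classic stored-XSS shape: a value written by one admin is later rendered into another admin's page without encoding. The following is an added example, not Arista's code and not taken from the advisory; it uses an assumed dashboard-layout record with a `widgetTitle` field and a constructed hostile value to show the vulnerable string-concatenation pattern beside its hardened form (HTML output encoding at render time plus an allowlist check at write time).

```javascript
// Added example (not from the vendor or the advisory). The layout object
// shape and the field name "widgetTitle" are assumptions for illustration.

// Constructed sample layout as a high-privileged admin might have saved it.
// The second title is a deliberately hostile probe string.
const STORED_LAYOUT = {
  widgets: [
    { id: 1, widgetTitle: 'Traffic Overview' },
    { id: 2, widgetTitle: '<img src=x onerror="alert(1)">' },
  ],
};

// Vulnerable pattern: the stored value is concatenated straight into markup,
// so any markup in the title becomes part of the page another admin views.
function renderWidgetUnsafe(widget) {
  return `<div class="widget" data-id="${widget.id}"><h3>${widget.widgetTitle}</h3></div>`;
}

// Output encoding for HTML text and attribute context: the five characters
// that can change the parse are replaced by entity references.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Write-time validation: a widget title is display text, so reject anything
// outside a conservative allowlist before it ever reaches the layout store.
const TITLE_RE = /^[\w .,:()\-\/]{1,64}$/;
function validateWidgetTitle(title) {
  return typeof title === 'string' && TITLE_RE.test(title);
}

// Hardened render: numeric id is coerced, the title is encoded for its context.
function renderWidgetSafe(widget) {
  const id = Number.isInteger(widget.id) ? widget.id : 0;
  return `<div class="widget" data-id="${id}"><h3>${escapeHtml(widget.widgetTitle)}</h3></div>`;
}

// Render a whole layout with either strategy so the two outputs can be compared.
function renderDashboard(layout, renderWidget) {
  return layout.widgets.map(renderWidget).join('\n');
}

// Simple review check: does the rendered page still carry the raw probe markup?
function containsRawMarkup(html, probe) {
  return html.includes(probe);
}

console.log(renderDashboard(STORED_LAYOUT, renderWidgetSafe));
```

Encoding at the render boundary is the control that actually closes the bug; the allowlist is defence in depth that also gives a clean rejection to log when an admin account starts submitting markup into layout fields.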
