Skip to main content

Arista NGFW EUVD-2026-34905

| CVE-2026-25621 HIGH
OS Command Injection (CWE-78)
2026-06-05 psirt@arista.com GHSA-36wx-6wfq-226v
Command Injection Ng Firewall
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
P

Lifecycle Timeline

1
Analysis Generated
Jun 05, 2026 - 20:35 vuln.today

DescriptionCVE.org

A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

AnalysisAI

Command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) version 17.4.0 allows high-privileged authenticated attackers to abuse insecure input validation in the Reports application to execute OS commands on the appliance. The flaw uniquely affects 17.4.0, with earlier releases unaffected, and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain NGFW admin credentials
Delivery
Authenticate to management interface
Exploit
Submit crafted parameter to Reports app
Execution
Trigger shell metacharacter injection
Persist
Execute OS commands on appliance
Impact
Pivot to inspected network segments
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) network reachability to the NGFW management interface where the Reports application is served, (2) high-privileged authenticated access - the CVSS vector PR:H confirms the attacker must already hold administrative credentials on the appliance, not a standard user account, (3) the target appliance must be running exactly Arista NGFW version 17.4.0, as the vendor confirms earlier releases are not affected, and (4) the attacker must reach the specific Reports application endpoint that processes the unvalidated input. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained administrative credentials to the NGFW (via phishing, credential reuse, or insider access) authenticates to the management interface and submits a crafted parameter to the Reports application containing shell metacharacters; the unsanitized input is interpolated into a shell command, yielding arbitrary OS command execution as the reporting process user on the firewall. From there the attacker can read sensitive traffic-inspection data, modify firewall configuration, or pivot into the protected network segments the appliance fronts. …
Remediation Patch status is not explicitly stated in the supplied data - no vendor-released patch version is enumerated in the input, so consult the Arista advisory at https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133 for the fixed release and apply it to all NGFW appliances running 17.4.0. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory and classify all Arista NGFW deployments running version 17.4.0 by operational criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-34905 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy