TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Bishop Fox

Deep Dive into Arista NG Firewall Vulnerabilities

2026-02-09

ATT&CK techniques detected

8 predictions
T1190 Exploit Public-Facing Application
87%
“- Overly permissive RPC interface (CVE-2026-25623) - Reflected XSS (CVE-2026-25624) Affected version 17.4 Summary of findings Bishop Fox staff identified six vulnerabilities in Arista NG Firewall version 17.4. The most severe issues allowed Bishop Fox staff to execu…”
T1190 Exploit Public-Facing Application
82%
“on the remote server. CVE-2026-25622 - Arbitrary command injection in the captive portal custom handler The captive portal application had (at some point) support for customized landing pages. Although this feature does not seem to be available through the web interface any…”
T1190 Exploit Public-Facing Application
57%
“.html or custom.py file to reach the vulnerable path. The 17.4.1 release completely removes this feature from the code, neutralizing the vulnerability. CVE-2026-25623 - Overly permissive RPC interface Arista NG Firewall extensively relies on a JSON-RPC mechanism as its …”
T1560.001 Archive via Utility
44%
“…evity... try { int checker = 0; zipfile = new ZipFile(tempfile); Enumeration<? extends ZipEntry> ziplist = zipfile.entries(); while (ziplist.hasMoreElements()) { ZipEntry zipentry = (ZipEntry) ziplist.nextElement(); String filename = zipentry.getName() …”
T1190 Exploit Public-Facing Application
44%
“commands on the remote system: an attacker with administrative access to the appliance could execute arbitrary commands as the root user. The 17.4.1 release now uses a new class called safeuvmcontext that is a sanitized version of the uvmcontext interface, and does not expose …”
T1068 Exploitation for Privilege Escalation
38%
“cookies, injected shell commands will be executed in the background with root privilege. An attacker can chain this exploit with the XSS vulnerability described below (CVE-2026-25624) to trick a firewall administrator into initiating a reverse shell connection (or running …”
T1059.007 JavaScript
34%
“enabling reflected XSS. This issue was used to trigger JSON-RPC calls in a logged-in administrator’s browser and chain to command execution. The 17.4.1 release now includes the missing taglib instruction, which properly fixes this vulnerability. Subscribe to our blog be f…”
T1190 Exploit Public-Facing Application
31%
“cookies, injected shell commands will be executed in the background with root privilege. An attacker can chain this exploit with the XSS vulnerability described below (CVE-2026-25624) to trick a firewall administrator into initiating a reverse shell connection (or running …”

Summary

Bishop Fox identified six vulnerabilities in Arista NG Firewall version 17.4, including critical command injection flaws that allow root-level code execution, some of which are exploitable by chaining attacks through a single malicious link.