threat
engine
.sh
Back
·
··:··
Home
/
Product
/
arista ng firewall
Product
arista ng firewall
19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-2767
all versions
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers
9.6
CRITICAL
CVE-2024-9188
< 17.2
Specially constructed queries cause cross platform scripting leaking administrator tokens
8.8
HIGH
CVE-2024-9134
< 17.2
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights
8.3
HIGH
CVE-2024-9133
<= 17.1.1
A user with administrator privileges is able to retrieve authentication tokens
6.6
MEDIUM
CVE-2024-9132
<= 17.1.1
The administrator is able to configure an insecure captive portal script
8.1
HIGH
CVE-2024-9131
<= 17.1.1
A user with administrator privileges can perform command injection
7.2
HIGH
CVE-2024-47520
<= 17.1.1
A user with advanced report application access rights can perform actions for which they are not authorized
7.6
HIGH
CVE-2024-47519
<= 17.1.1
Backup uploads to ETM subject to man-in-the-middle interception
8.3
HIGH
CVE-2024-47518
<= 17.1.1
Specially constructed queries targeting ETM could discover active remote access sessions
6.4
MEDIUM
CVE-2024-47517
<= 17.1.1
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
6.8
MEDIUM
CVE-2024-12832
all versions
Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attacke
6.3
MEDIUM
CVE-2024-12831
all versions
Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers
7.8
HIGH
CVE-2024-12830
all versions
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attack
7.3
HIGH
CVE-2024-12829
all versions
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attacke
8.8
HIGH
CVE-2024-27889
<= 17.0
Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewal
8.8
HIGH
CVE-2019-18649
all versions
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored
4.8
MEDIUM
CVE-2019-18648
all versions
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific us
4.8
MEDIUM
CVE-2019-18647
all versions
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
7.2
HIGH
CVE-2019-18646
all versions
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn paramet
7.2
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin