Critical
CVSS: 9.6
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is requir…
High
CVSS: 8.8
Specially constructed queries cause cross platform scripting leaking administrator tokens
High
CVSS: 8.3
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with eleva…
Medium
CVSS: 6.6
A user with administrator privileges is able to retrieve authentication tokens
High
CVSS: 8.1
The administrator is able to configure an insecure captive portal script
High
CVSS: 7.2
A user with administrator privileges can perform command injection
High
CVSS: 7.6
A user with advanced report application access rights can perform actions for which they are not authorized
High
CVSS: 8.3
Backup uploads to ETM subject to man-in-the-middle interception
Medium
CVSS: 6.4
Specially constructed queries targeting ETM could discover active remote access sessions
Medium
CVSS: 6.8
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access