Ng firewall
This hub aggregates every CVE we track for Ng firewall, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
24
CVEs tracked
1
Critical
12
High
0
In CISA KEV
Severity distribution
HIGH12MEDIUM11CRITICAL1
Monthly trend
0
0
0
0
0
4
9
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
5
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Ng firewall.
- CVE-2026-25624Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting5.7
- CVE-2026-25623Arista Edge Threat Management NGFW UI Arbitrary Command Execution6.0
- CVE-2026-25622Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection6.0
- CVE-2026-25621Arista Edge Threat Management NGFW Reports Application Insecure Input Validation6.0
- CVE-2026-25620Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection6.0
- CVE-2025-2767Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability9.6
- CVE-2024-9188Specially constructed queries cause cross platform scripting leaking administrator tokens8.8
- CVE-2024-47520A user with advanced report application access rights can perform actions for which they are not authorized7.6
- CVE-2024-47519Backup uploads to ETM subject to man-in-the-middle interception8.3
- CVE-2024-47518Specially constructed queries targeting ETM could discover active remote access sessions6.4
- CVE-2024-47517Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access6.8
- CVE-2024-9134Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.8.3
- CVE-2024-9133A user with administrator privileges is able to retrieve authentication tokens6.6
- CVE-2024-9132The administrator is able to configure an insecure captive portal script8.1
- CVE-2024-9131A user with administrator privileges can perform command injection7.2
Product normalization is registry-driven with AI assist and human review. How it works