Lucene search
K

📄 Arista NGFW 17.3.1 Information Disclosure Scanner

🗓️ 10 Dec 2025 00:00:00Reported by indoushkaType 
packetstorm
 packetstorm
🔗 packetstorm.news👁 155 Views

Arista NGFW 17.3.1 information disclosure allows remote unauthenticated access to RPC handler.

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2025-6980
4 Dec 202523:31
githubexploit
Arista
Security Advisory 0123
21 Oct 202500:00
arista
Circl
CVE-2025-6980
25 Nov 202505:00
circl
CNNVD
Arista Edge Threat Management - Arista Next Generation Firewall Versions 安全漏洞
23 Oct 202500:00
cnnvd
CVE
CVE-2025-6980
23 Oct 202518:41
cve
Cvelist
CVE-2025-6980 Captive Portal can expose sensitive information
23 Oct 202518:41
cvelist
EUVD
EUVD-2025-35727
23 Oct 202521:31
euvd
NVD
CVE-2025-6980
23 Oct 202519:15
nvd
Positive Technologies
PT-2025-43547
23 Oct 202500:00
ptsecurity
RedhatCVE
CVE-2025-6980
24 Oct 202519:26
redhatcve
Rows per page
=============================================================================================================================================
    | # Title     : Arista NGFW 17.3.1 Information Disclosure Scanner                                                                           |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits)                                                            |
    | # Vendor    : https://edge.arista.com/ng-firewall/                                                                                        |
    =============================================================================================================================================
    
    [+] References : https://packetstorm.news/files/id/212504/ 
    
    [+] Summary :  The vulnerability allows remote unauthenticated connections to access the internal RPC handler component via:
                  /capture/handler.py/load_rpc_manager
                   This script PASSIVELY tests Arista NGFW systems for vulnerability. 
    
    [+]  Usage :   * : Save as: poc.php
                       Run    : php scan.php http[s]://TARGET
    
    Detection Logic:
    ----------------
    500 + “Mod_python error”  → Vulnerable
    404 + <body class="loginPage"> → Not Vulnerable
    Other → Not Arista NGFW
    
    Output:
    -------
    [!] Target appears VULNERABLE
    [+] Target is not affected
    [?] Not Arista NGFW (or protected)
    [+]  POC :	
    
    <?php
    
    
    if ($argc < 2) {
        echo "Usage: php scan.php http[s]://TARGET\n";
        exit;
    }
    
    $target = trim($argv[1]);
    
    // Validate URL format
    if (!preg_match("#^https?://#i", $target)) {
        echo "[-] Invalid URL. Must start with http:// or https://\n";
        exit;
    }
    
    $url = rtrim($target, "/") . "/capture/handler.py/load_rpc_manager";
    
    echo "[*] Testing $target\n";
    
    // HTTP Request Options
    $options = [
        "http" => [
            "method"  => "GET",
            "header"  => "User-Agent: Mozilla/5.0\r\n",
            "timeout" => 15
        ],
        "ssl" => [
            "verify_peer"      => false,
            "verify_peer_name" => false
        ]
    ];
    
    $context = stream_context_create($options);
    
    $result = @file_get_contents($url, false, $context);
    
    if ($result === false) {
        echo "[-] Request failed or target unreachable\n";
        exit;
    }
    
    // Extract response headers
    $headers = isset($http_response_header) ? implode("\n", $http_response_header) : "";
    
    // Detection Logic
    if (strpos($result, "Mod_python error") !== false && strpos($headers, "500") !== false) {
        echo "[!] Target appears VULNERABLE to CVE-2025-6980 - Patch immediately!\n";
    } elseif (strpos($headers, "404") !== false && strpos($result, '<body class="loginPage">') !== false) {
        echo "[+] Target does NOT appear affected.\n";
    } else {
        echo "[?] Target does not behave like Arista NGFW or is protected.\n";
    }
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

10 Dec 2025 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.17.5
EPSS0.00437
SSVC
155