Arista Edge Threat Management NG Firewall Expired Token Disclosure Vulnerability

Vulnerability

A vulnerability exists in Arista Edge Threat Management (ETM) for NG Firewall units whose ETM Remote Access session has timed out: the expired (and no longer usable) administrator authentication tokens can still be disclosed. This issue affects Arista NG Firewall (NGFW) versions 17.1.1 and prior.

Impact

Exploitation of this vulnerability leads to the unauthorized disclosure of expired administrator authentication tokens. The tokens are no longer valid for authentication, but they could still be misused in certain contexts.

Reproduction

To reproduce this vulnerability, log into the Edge Threat Management (ETM) interface and navigate to the target NGFW appliance. Click 'Remote Access' to establish a connection. After the session has expired, any attempt to perform actions will indicate that Remote Access needs to be re-enabled. At this point, a specially crafted script can query the IP port of the expired connection, revealing the authentication tokens.

Remediation

No vendor fix is available at this time. As a mitigation, close the browser tab or window after completing NGFW operations through Remote Access, so that an expired session is not left open.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm (score per category, 0-10)

spread: 0.3
impact: 2.5
exploitability: 4.3
remediation: 7.9
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.