Arista NG Firewall Insecure Captive Portal Configuration Vulnerability

Vulnerability

A vulnerability exists in Arista Edge Threat Management - Arista NG Firewall, all versions through 17.1.1, allowing administrators to configure an insecure captive portal script. This issue can be exploited by selecting the 'Custom' option in the Captive Page tab, potentially leading to unauthorized actions or information exposure.

Impact

Exploitation of this vulnerability could result in improper control over code generation, allowing for the injection of malicious scripts that could be executed in the context of the user.

Reproduction

To reproduce this vulnerability, log into the Arista NG Firewall as an administrator and navigate to the Apps and Services page. Ensure the Captive Portal application is installed and active. Once in the Captive Portal application, select the 'Custom' radio button under the Captive Page tab. This selection indicates a vulnerable configuration.

Remediation

To address this vulnerability, disable the custom captive portal page. Navigate to the Captive Portal application, select either 'Basic Message' or 'Basic Login', and click Save.
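The impact section above describes a custom captive page that can carry script executed in the end user's browser. The following is an added example (not Arista's code and not part of the NG Firewall product) of how an operator can audit a custom page for script-capable markup before deciding whether to keep it; it assumes the page HTML has been copied out of the Captive Page tab, and the sample page is constructed for the demonstration. The check is a heuristic over the markup; the remediation the advisory gives (returning to 'Basic Message' or 'Basic Login') does not depend on it.

```python
"""Audit a custom captive-portal page for active (script-capable) content.

Added example, not code from Arista or the NG Firewall product. It assumes
the operator can obtain the custom page's HTML; the sample page below is
constructed for the demonstration.
"""
from __future__ import annotations

from html.parser import HTMLParser

# Elements and attributes that let a page run or load script in the user's browser.
SCRIPT_BEARING_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRIBUTES = {"href", "src", "action", "formaction"}


class ActiveContentAuditor(HTMLParser):
    """Collects (line, description) findings for script-capable markup."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[tuple[int, str]] = []

    def handle_starttag(self, tag, attrs) -> None:
        # HTMLParser lowercases tag and attribute names for us.
        line = self.getpos()[0]
        if tag in SCRIPT_BEARING_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):
                # Inline event handlers (onclick, onload, ...) execute script.
                self.findings.append((line, f"inline event handler {name}"))
            elif name in URL_ATTRIBUTES and value is not None:
                # Drop embedded whitespace so spaced-out "java script:" spellings are caught.
                if "".join(value.split()).lower().startswith("javascript:"):
                    self.findings.append((line, f"javascript: URL in {name}"))


def audit_template(html: str) -> list[tuple[int, str]]:
    """Return every finding in the template, ordered by source line."""
    auditor = ActiveContentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def is_static_page(html: str) -> bool:
    """True when the page contains no script-capable markup."""
    return not audit_template(html)


# Constructed sample: a custom page that mixes a login form with active content.
SAMPLE_CUSTOM_PAGE = """<html><body>
<h1>Guest Wi-Fi</h1>
<form method="post" action="/login">
<input name="username"><input name="password" type="password">
<button onclick="doLogin()">Sign in</button>
</form>
<a href="javascript:void(0)">help</a>
<script src="http://cdn.example/tracker.js"></script>
</body></html>"""


if __name__ == "__main__":
    for line, what in audit_template(SAMPLE_CUSTOM_PAGE):
        print(f"line {line}: {what}")
    print("static page:", is_static_page(SAMPLE_CUSTOM_PAGE))
```

Run against the constructed sample, the audit reports the inline `onclick` handler, the `javascript:` link and the external `<script>` element, and `is_static_page` returns False; a page made only of headings, text and ordinary links passes.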

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 10.0
exploitability: 4.7
remediation: 7.9
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.