PT-2023-25952 · Aruba · Edgeconnect Sd-Wan Orchestrator

Daniel Jensen

Publicado

2023-08-22

Atualizado

2024-10-03

CVE-2023-37424

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Aruba EdgeConnect SD-WAN Orchestrator (affected versions not specified)

Description A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this issue could allow an attacker to execute arbitrary commands on the underlying operating system, leading to complete system compromise.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2023-37424

Produtos afetados

Edgeconnect Sd-Wan Orchestrator

PT-2023-25952 · Aruba · Edgeconnect Sd-Wan Orchestrator

CVE-2023-37424

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6