Riverbed · Edgeconnect Sd-Wan Orchestrator · CVE-2023-37426
**Name of the Vulnerable Software and Affected Versions**
EdgeConnect SD-WAN Orchestrator versions prior to the versions resolved in this advisory
**Description**
The issue is related to shared static SSH host keys for all installations, which could allow an attacker to spoof the SSH host signature and masquerade as a legitimate Orchestrator host.
**Recommendations**
For versions prior to the versions resolved in this advisory, consider regenerating unique SSH host keys for each installation as a mitigation measure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.