PT-2022-24151 · Aruba · Aruba Edgeconnect Enterprise
Published
2022-11-30
·
Updated
2022-12-13
·
CVE-2022-37919
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Aruba EdgeConnect Enterprise versions 9.2.1.0 and below
Aruba EdgeConnect Enterprise versions 9.1.3.0 and below
Aruba EdgeConnect Enterprise versions 9.0.7.0 and below
Aruba EdgeConnect Enterprise versions 8.3.7.1 and below
Description
A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests.
Recommendations
For versions 9.2.1.0 and below, update to a version above 9.2.1.0 to resolve the issue.
For versions 9.1.3.0 and below, update to a version above 9.1.3.0 to resolve the issue.
For versions 9.0.7.0 and below, update to a version above 9.0.7.0 to resolve the issue.
For versions 8.3.7.1 and below, update to a version above 8.3.7.1 to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Aruba Edgeconnect Enterprise