PT-2022-5795 · Aruba · Aruba Edgeconnect Enterprise Orchestrator

Published: 2022-10-11 · Updated: 2023-08-08 · CVE-2022-37914

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Aruba EdgeConnect Enterprise Orchestrator versions 9.1.2.40051 and below
Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40108 and below
Aruba EdgeConnect Enterprise Orchestrator versions 8.10.23.40009 and below
Aruba EdgeConnect Enterprise Orchestrator versions prior to 8.10.23.40009

Description

The vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator is related to weaknesses in the authentication procedure. Exploitation of this issue could allow a remote attacker to bypass security restrictions and gain administrative privileges, leading to a complete compromise of the system.

Recommendations

For versions 9.1.2.40051 and below, update to a version above 9.1.2.40051 to resolve the issue.
For versions 9.0.7.40108 and below, update to a version above 9.0.7.40108 to resolve the issue.
For versions 8.10.23.40009 and below, update to a version above 8.10.23.40009 to resolve the issue.

As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2022-07195
CVE-2022-37914

Affected Products

Aruba Edgeconnect Enterprise Orchestrator