PT-2022-5797 · Aruba · Aruba Edgeconnect Enterprise Orchestrator

Published

2022-10-11

·

Updated

2023-08-08

·

CVE-2022-37913

CVSS v2.0

10

Critical

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Aruba EdgeConnect Enterprise Orchestrator versions 9.1.2.40051 and below
Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40108 and below
Aruba EdgeConnect Enterprise Orchestrator versions 8.10.23.40009 and below
Aruba EdgeConnect Enterprise Orchestrator versions prior to 9.1.2.40051, 9.0.7.40108, and 8.10.23.40009
Description

The web-based management interface of Aruba EdgeConnect Enterprise Orchestrator has vulnerabilities that could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation could allow an attacker to gain administrative privileges, leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator. The issue is related to deficiencies in the authentication procedure.
Recommendations

For versions 9.1.2.40051 and below, consider disabling the web-based management interface until a patch is available.
For versions 9.0.7.40108 and below, restrict access to the management interface to minimize the risk of exploitation.
For versions 8.10.23.40009 and below, avoid using the web-based management interface until the issue is resolved.
For any older branches of Orchestrator not specifically mentioned, it is recommended to update to a newer version or disable the web-based management interface as a temporary workaround.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2022-07197
CVE-2022-37913

Affected Products

Aruba Edgeconnect Enterprise Orchestrator