Remote Command Execution Vulnerability in Aruba EdgeConnect Enterprise
CVE-2022-37921

7.2HIGH

Key Information:

Vendor

HP (HP)

Vendor
CVE Published:
12 December 2022

What is CVE-2022-37921?

A vulnerability in the command line interface of Aruba EdgeConnect Enterprise enables remote authenticated users to execute arbitrary commands on the underlying host system. This flaw permits attackers to gain root privileges on the operating system, potentially leading to a complete system compromise. The affected versions include ECOS 9.2.1.0 and earlier, as well as other specified versions. It is crucial for users to apply the necessary patches to secure their systems against possible exploitation.

Affected Version(s)

Aruba EdgeConnect Enterprise Software ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below;

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.