Aruba EdgeConnect Enterprise Orchestrator Vulnerability in Web Management Interface
CVE-2022-44534

7.2HIGH

Key Information:

Vendor: HP
Status: Aruba Edgeconnect Enterprise Orchestration Software
Vendor: CVE Published:; 3 January 2023

Summary

A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator's web-based management interface permits remote authenticated users to execute arbitrary commands on the host system. If exploited, this flaw can grant attackers root-level access to the underlying operating system, resulting in a total compromise of the affected systems. The issue impacts various versions of Aruba EdgeConnect Enterprise Orchestrator, emphasizing the urgent need for users to update to the latest versions to mitigate this risk.

Affected Version(s)

Aruba EdgeConnect Enterprise Orchestration Software Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 3, 2023
Vulnerability Reserved
Oct 31, 2022