Unauthenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface
CVE-2023-37424
8.1HIGH
What is CVE-2023-37424?
The web-based management interface of Aruba Networks' EdgeConnect SD-WAN Orchestrator contains a vulnerability that enables an unauthenticated attacker to execute arbitrary commands on the underlying operating system. This may occur if specific preconditions are met that are beyond the attacker's control. Successful exploitation could lead to significant security breaches, including full system compromise, making it essential for organizations to promptly patch this vulnerability.
Affected Version(s)
EdgeConnect SD-WAN Orchestrator Orchestrator 9.3.x
EdgeConnect SD-WAN Orchestrator Orchestrator 9.3.x
EdgeConnect SD-WAN Orchestrator Orchestrator 9.2.x