Unauthenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface
CVE-2023-37424

8.1HIGH

Key Information:

Vendor: HP
Status: Edgeconnect Sd-wan Orchestrator
Vendor: CVE Published:; 22 August 2023

What is CVE-2023-37424?

The web-based management interface of Aruba Networks' EdgeConnect SD-WAN Orchestrator contains a vulnerability that enables an unauthenticated attacker to execute arbitrary commands on the underlying operating system. This may occur if specific preconditions are met that are beyond the attacker's control. Successful exploitation could lead to significant security breaches, including full system compromise, making it essential for organizations to promptly patch this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EdgeConnect SD-WAN Orchestrator Orchestrator 9.3.x

EdgeConnect SD-WAN Orchestrator Orchestrator 9.2.x

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Jul 5, 2023

Credit

Daniel Jensen (@dozernz)

JSON

HP

What is CVE-2023-37424?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.