Shared SSH Static Host Keys in EdgeConnect SD-WAN Orchestrator
CVE-2023-37426
7.4HIGH
What is CVE-2023-37426?
Instances of Aruba EdgeConnect SD-WAN Orchestrator prior to the resolutions provided in the advisory were found to utilize shared static SSH host keys across all installations. This vulnerability presents an opportunity for attackers to spoof the SSH host signature, allowing them to pose as a legitimate Orchestrator host and potentially gain unauthorized access.
Affected Version(s)
EdgeConnect SD-WAN Orchestrator Orchestrator 9.3.x
EdgeConnect SD-WAN Orchestrator Orchestrator 9.3.x
EdgeConnect SD-WAN Orchestrator Orchestrator 9.2.x