Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface
CVE-2023-37428
7.2HIGH
What is CVE-2023-37428?
A vulnerability in the web management interface of the EdgeConnect SD-WAN Orchestrator enables remote authenticated users to execute arbitrary commands on the host operating system. This flaw poses a significant risk as it can result in complete system compromise, granting attackers root access. Immediate action is recommended to mitigate potential threats.
Affected Version(s)
EdgeConnect SD-WAN Orchestrator Orchestrator 9.3.x
EdgeConnect SD-WAN Orchestrator Orchestrator 9.3.x
EdgeConnect SD-WAN Orchestrator Orchestrator 9.2.x