Vulnerability in HPE Aruba Networking EdgeConnect SD-WAN Gateway Could Lead to Complete System Compromise
CVE-2024-33519

7.2HIGH

Key Information:

Vendor
HP
Vendor
CVE Published:
24 July 2024

Summary

A vulnerability exists in the web-based management interface of the HPE Aruba Networking EdgeConnect SD-WAN gateway, which can be exploited by an authenticated remote attacker to conduct a server-side prototype pollution attack. This exploitation allows for arbitrary command execution on the underlying operating system, potentially leading to a full compromise of the system. Ensuring timely updates and implementing security best practices are crucial in mitigating the risks associated with this vulnerability.

Affected Version(s)

HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.3.x.x: 9.3.3.0 and below

HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.2.x.x: 9.2.9.0 and below

HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.1.x.x: 9.1.11.0 and below

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Jensen (bugcrowd.com/dozernz)
.