Vulnerability in HPE Aruba Networking EdgeConnect SD-WAN Gateway Could Lead to Complete System Compromise
CVE-2024-33519
Key Information:
- Vendor
- HP
- Vendor
- CVE Published:
- 24 July 2024
Summary
A vulnerability exists in the web-based management interface of the HPE Aruba Networking EdgeConnect SD-WAN gateway, which can be exploited by an authenticated remote attacker to conduct a server-side prototype pollution attack. This exploitation allows for arbitrary command execution on the underlying operating system, potentially leading to a full compromise of the system. Ensuring timely updates and implementing security best practices are crucial in mitigating the risks associated with this vulnerability.
Affected Version(s)
HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.3.x.x: 9.3.3.0 and below
HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.2.x.x: 9.2.9.0 and below
HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.1.x.x: 9.1.11.0 and below
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved