Vulnerability in HPE Aruba Networking EdgeConnect SD-WAN Gateway Could Lead to Complete System Compromise

CVE-2024-33519

7.2HIGH

Key Information

Vendor: Hewlett Packard Enterprise (HP)
Status: HP Aruba Networking Edgeconnect Sd-wan
Vendor: CVE Published:; 24 July 2024

Summary

A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Affected Version(s)

HPE Aruba Networking EdgeConnect SD-WAN <= ECOS 9.3.x.x: 9.3.3.0 and below

HPE Aruba Networking EdgeConnect SD-WAN <= ECOS 9.2.x.x: 9.2.9.0 and below

HPE Aruba Networking EdgeConnect SD-WAN <= ECOS 9.1.x.x: 9.1.11.0 and below

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 24, 2024
Vulnerability Reserved.
Apr 23, 2024

Collectors

NVD DatabaseMitre Database

Credit

Daniel Jensen (bugcrowd.com/dozernz)