Remote Command Execution Vulnerability in HPE Aruba Networking EdgeConnect SD-WAN Gateway

CVE-2024-41135

7.2HIGH

Key Information

Vendor: Hewlett Packard Enterprise (HP)
Status: HP Aruba Networking Edgeconnect Sd-wan
Vendor: CVE Published:; 24 July 2024

Summary

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise

Affected Version(s)

HPE Aruba Networking EdgeConnect SD-WAN <= ECOS 9.3.x.x: 9.3.3.0 and below

HPE Aruba Networking EdgeConnect SD-WAN <= ECOS 9.2.x.x: 9.2.9.0 and below

HPE Aruba Networking EdgeConnect SD-WAN <= ECOS 9.1.x.x: 9.1.11.0 and below

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 24, 2024
Vulnerability Reserved.
Jul 15, 2024

Collectors

NVD DatabaseMitre Database

Credit

Daniel Jensen (bugcrowd.com/dozernz)