Aruba Networking EdgeConnect SD-WAN Gateways Command Injection Vulnerability
CVE-2024-41136

8.8 HIGH

Key Information:

Vendor: HP
CVE Published: 24 July 2024

Summary

An authenticated command injection vulnerability exists in the command line interface of HPE Aruba Networking EdgeConnect SD-WAN gateways. Successful exploitation allows a malicious actor to execute arbitrary commands as a privileged user on the underlying operating system, compromising the integrity and confidentiality of the affected systems. Apply the available patches and appropriate security measures to mitigate the risk.

Affected Version(s)

HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.3.x.x: 9.3.3.0 and below

HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.2.x.x: 9.2.9.0 and below

HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.1.x.x: 9.1.11.0 and below

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Jensen (bugcrowd.com/dozernz)