Description
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Version from 9.0.0 (inclusive) to 9.0.5 (inclusive)
- Version from 9.1.0 (inclusive) to 9.1.7 (inclusive)
- Version from 9.2.0 (inclusive) to 9.2.5 (inclusive)
One of
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*
EPSS
Percentile: 48%
0.00247
Low
7.4 High
CVSS3
7.5 High
CVSS3
Weaknesses
CWE-798
Related vulnerabilities
CVSS3: 7.4
github
more than 2 years ago
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host.