Описание
A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 9.0.0 (включая) до 9.0.5 (включая)Версия от 9.1.0 (включая) до 9.1.7 (включая)Версия от 9.2.0 (включая) до 9.2.5 (включая)
Одно из
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01388
Низкий
7.2 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.2
github
больше 2 лет назад
A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
EPSS
Процентиль: 80%
0.01388
Низкий
7.2 High
CVSS3
Дефекты
CWE-22