exploitDog

CVE-2023-37440

Опубликовано: 22 авг. 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 5.3

EPSS Низкий

Описание

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.

Ссылки

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
Mitigation
Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*

Версия до 9.3.1 (исключая)

EPSS

Процентиль: 56%

0.00335

Низкий

5.5 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-918

CWE-918

Связанные уязвимости

GHSA-w6pm-7x44-m335

CVSS3: 5.5

github

больше 2 лет назад

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.

EPSS

Процентиль: 56%

0.00335

Низкий

5.5 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-918

CWE-918