Описание
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Уязвимые конфигурации
Конфигурация 1Версия от 9.1.0 (включая) до 9.1.11 (включая)Версия от 9.2.0 (включая) до 9.2.9 (включая)
Одно из
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00327
Низкий
6.8 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-78
CWE-77
Связанные уязвимости
CVSS3: 6.8
github
больше 1 года назад
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
EPSS
Процентиль: 55%
0.00327
Низкий
6.8 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-78
CWE-77