An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Link | Resource |
---|---|
https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt | Vendor Advisory |
https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
01 Aug 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 |
26 Jul 2024, 13:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Arubanetworks
Arubanetworks edgeconnect Sd-wan Orchestrator |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | () https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt - Vendor Advisory | |
CWE | CWE-78 | |
Summary |
|
|
CPE | cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.0.0:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:* |
24 Jul 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-24 21:15
Updated : 2024-11-21 09:32
NVD link : CVE-2024-41136
Mitre link : CVE-2024-41136
CVE.ORG link : CVE-2024-41136
JSON object : View
Products Affected
arubanetworks
- edgeconnect_sd-wan_orchestrator