CVE-2022-44534
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.
Una vulnerabilidad en la interfaz de administración basada en web de Aruba EdgeConnect Enterprise Orchestrator permite a usuarios remotos autenticados ejecutar comandos arbitrarios en el host subyacente. Un exploit exitoso podría permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, lo que podría comprometer completamente el sistema en las versiones del software Aruba EdgeConnect Enterprise Orchestration: Aruba EdgeConnect Enterprise Orchestrator (local), Aruba EdgeConnect Enterprise Orchestrator-as -a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP y Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 y anteriores, - Orchestrator 9.1.4.40436 y anteriores, - Orchestrator 9.0.7.40110 y anteriores, - Orchestrator 8.10.23.40015 y a continuación, - Cualquier rama anterior de Orchestrator que no se mencione específicamente.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-31 CVE Reserved
- 2023-01-03 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-021.txt | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | <= 8.10.23.40015 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " <= 8.10.23.40015" | on-premises |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.0.0 <= 9.0.7.40110 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.0.0 <= 9.0.7.40110" | on-premises |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.1.0 <= 9.1.4.40436 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.1.0 <= 9.1.4.40436" | on-premises |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.2.0 <= 9.2.1.40179 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.2.0 <= 9.2.1.40179" | on-premises |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | <= 8.10.23.40015 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " <= 8.10.23.40015" | as-a-service |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.0.0 <= 9.0.7.40110 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.0.0 <= 9.0.7.40110" | as-a-service |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.1.0 <= 9.1.4.40436 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.1.0 <= 9.1.4.40436" | as-a-service |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.2.0 <= 9.2.1.40179 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.2.0 <= 9.2.1.40179" | as-a-service |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | <= 8.10.23.40015 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " <= 8.10.23.40015" | global_enterprise_tenant_orchestrators |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.0.0 <= 9.0.7.40110 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.0.0 <= 9.0.7.40110" | global_enterprise_tenant_orchestrators |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.1.0 <= 9.1.4.40436 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.1.0 <= 9.1.4.40436" | global_enterprise_tenant_orchestrators |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.2.0 <= 9.2.1.40179 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.2.0 <= 9.2.1.40179" | global_enterprise_tenant_orchestrators |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | <= 8.10.23.40015 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " <= 8.10.23.40015" | sp |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.0.0 <= 9.0.7.40110 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.0.0 <= 9.0.7.40110" | sp |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.1.0 <= 9.1.4.40436 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.1.0 <= 9.1.4.40436" | sp |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Aruba Edgeconnect Enterprise Orchestrator Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" | >= 9.2.0 <= 9.2.1.40179 Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.2.0 <= 9.2.1.40179" | sp |
Affected
|