// For flags

CVE-2022-44534

 

Severity Score

7.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.

Una vulnerabilidad en la interfaz de administración basada en web de Aruba EdgeConnect Enterprise Orchestrator permite a usuarios remotos autenticados ejecutar comandos arbitrarios en el host subyacente. Un exploit exitoso podría permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, lo que podría comprometer completamente el sistema en las versiones del software Aruba EdgeConnect Enterprise Orchestration: Aruba EdgeConnect Enterprise Orchestrator (local), Aruba EdgeConnect Enterprise Orchestrator-as -a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP y Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 y anteriores, - Orchestrator 9.1.4.40436 y anteriores, - Orchestrator 9.0.7.40110 y anteriores, - Orchestrator 8.10.23.40015 y a continuación, - Cualquier rama anterior de Orchestrator que no se mencione específicamente.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-10-31 CVE Reserved
  • 2023-01-03 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-021.txt 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 <= 8.10.23.40015
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " <= 8.10.23.40015"
on-premises
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.0.0 <= 9.0.7.40110
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.0.0 <= 9.0.7.40110"
on-premises
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.1.0 <= 9.1.4.40436
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.1.0 <= 9.1.4.40436"
on-premises
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.2.0 <= 9.2.1.40179
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.2.0 <= 9.2.1.40179"
on-premises
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 <= 8.10.23.40015
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " <= 8.10.23.40015"
as-a-service
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.0.0 <= 9.0.7.40110
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.0.0 <= 9.0.7.40110"
as-a-service
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.1.0 <= 9.1.4.40436
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.1.0 <= 9.1.4.40436"
as-a-service
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.2.0 <= 9.2.1.40179
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.2.0 <= 9.2.1.40179"
as-a-service
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 <= 8.10.23.40015
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " <= 8.10.23.40015"
global_enterprise_tenant_orchestrators
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.0.0 <= 9.0.7.40110
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.0.0 <= 9.0.7.40110"
global_enterprise_tenant_orchestrators
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.1.0 <= 9.1.4.40436
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.1.0 <= 9.1.4.40436"
global_enterprise_tenant_orchestrators
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.2.0 <= 9.2.1.40179
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.2.0 <= 9.2.1.40179"
global_enterprise_tenant_orchestrators
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 <= 8.10.23.40015
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " <= 8.10.23.40015"
sp
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.0.0 <= 9.0.7.40110
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.0.0 <= 9.0.7.40110"
sp
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.1.0 <= 9.1.4.40436
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.1.0 <= 9.1.4.40436"
sp
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Aruba Edgeconnect Enterprise Orchestrator
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator"
 >= 9.2.0 <= 9.2.1.40179
Search vendor "Arubanetworks" for product "Aruba Edgeconnect Enterprise Orchestrator" and version " >= 9.2.0 <= 9.2.1.40179"
sp
Affected