CVE-2023-37424
Unauthenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
*Credits:
Daniel Jensen (@dozernz)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-05 CVE Reserved
- 2023-08-22 CVE Published
- 2024-10-03 CVE Updated
- 2024-10-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt | 2023-08-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Arubanetworks Search vendor "Arubanetworks" | Edgeconnect Sd-wan Orchestrator Search vendor "Arubanetworks" for product "Edgeconnect Sd-wan Orchestrator" | >= 9.0.0 <= 9.0.5 Search vendor "Arubanetworks" for product "Edgeconnect Sd-wan Orchestrator" and version " >= 9.0.0 <= 9.0.5" | - |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Edgeconnect Sd-wan Orchestrator Search vendor "Arubanetworks" for product "Edgeconnect Sd-wan Orchestrator" | >= 9.1.0 <= 9.1.7 Search vendor "Arubanetworks" for product "Edgeconnect Sd-wan Orchestrator" and version " >= 9.1.0 <= 9.1.7" | - |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Edgeconnect Sd-wan Orchestrator Search vendor "Arubanetworks" for product "Edgeconnect Sd-wan Orchestrator" | >= 9.2.0 <= 9.2.5 Search vendor "Arubanetworks" for product "Edgeconnect Sd-wan Orchestrator" and version " >= 9.2.0 <= 9.2.5" | - |
Affected
| ||||||
Arubanetworks Search vendor "Arubanetworks" | Edgeconnect Sd-wan Orchestrator Search vendor "Arubanetworks" for product "Edgeconnect Sd-wan Orchestrator" | 9.3.0 Search vendor "Arubanetworks" for product "Edgeconnect Sd-wan Orchestrator" and version "9.3.0" | - |
Affected
|