- 201/2023
- High
Aruba has released security updates to fix several vulnerabilities in EdgeConnect SD-WAN Orchestrator.
The addressed vulnerabilities could allow the remote attacker to gain access, obtain information, bypass security restrictions, or trigger cross-site scripting (XSS) attacks on the affected product.
Sample of the addressed vulnerabilities:
1. HPE Aruba Networking EdgeConnect SD-WAN Orchestrator Cross-Site Scripting (CVE-2023-37423):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Cross-Site Scripting
2. Authenticated Remote Code Execution in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface (CVE-2023-37427):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privilege
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.