Lucene search

K
cve[email protected]CVE-2023-37426
HistoryAug 22, 2023 - 7:16 p.m.

CVE-2023-37426

2023-08-2219:16:37
CWE-798
web.nvd.nist.gov
7
cve-2023-37426
edgeconnect
sd-wan
orchestrator
ssh
vulnerability
masquerade
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.4%

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator
host.

Affected configurations

NVD
Node
arubanetworksedgeconnect_sd-wan_orchestratorRange9.0.09.0.5
OR
arubanetworksedgeconnect_sd-wan_orchestratorRange9.1.09.1.7
OR
arubanetworksedgeconnect_sd-wan_orchestratorRange9.2.09.2.5
OR
arubanetworksedgeconnect_sd-wan_orchestratorMatch9.3.0

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "EdgeConnect SD-WAN Orchestrator",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "<=9.3.0",
        "status": "affected",
        "version": "Orchestrator 9.3.x",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "<=9.2.5",
        "status": "affected",
        "version": "Orchestrator 9.2.x",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "<=9.1.7",
        "status": "affected",
        "version": "Orchestrator 9.1.x",
        "versionType": "semver"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.4%

Related for CVE-2023-37426