Lucene search

[email protected]NVD:CVE-2024-22443

HistoryJul 24, 2024 - 3:15 p.m.

CVE-2024-22443

2024-07-2415:15:11

CWE-1321

[email protected]

web.nvd.nist.gov

vulnerability

web-based

management

interface

edgeconnect

sd-wan

orchestrator

authenticated

remote attacker

server-side

prototype pollution

exploitation

arbitrary commands

operating system

compromise

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.8%

JSON

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Affected configurations

Nvd

Node

arubanetworksedgeconnect_sd-wan_orchestratorRange9.1.0–9.1.10

arubanetworksedgeconnect_sd-wan_orchestratorRange9.2.0–9.2.10

arubanetworksedgeconnect_sd-wan_orchestratorRange9.3.0–9.3.3

arubanetworksedgeconnect_sd-wan_orchestratorRange9.4.0–9.4.2

VendorProductVersionCPE
arubanetworksedgeconnect_sd-wan_orchestrator*cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	edgeconnect_sd-wan_orchestrator	*	cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator::::::::

References

support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.8%

JSON

Related for NVD:CVE-2024-22443

cve1 cvelist1 vulnrichment1