Lucene search

[email protected]NVD:CVE-2024-41914

HistoryJul 24, 2024 - 3:15 p.m.

CVE-2024-41914

2024-07-2415:15:12

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

web-based

management interface

edgeconnect

sd-wan

orchestrator

authenticated

remote attacker

stored

cross-site scripting

xss

attack

administrative user

exploit

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

19.8%

JSON

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.

Affected configurations

Nvd

Node

arubanetworksedgeconnect_sd-wan_orchestratorRange9.1.0–9.1.9

arubanetworksedgeconnect_sd-wan_orchestratorRange9.2.0–9.2.9

arubanetworksedgeconnect_sd-wan_orchestratorRange9.3.0–9.3.2

arubanetworksedgeconnect_sd-wan_orchestratorRange9.4.0–9.4.1

VendorProductVersionCPE
arubanetworksedgeconnect_sd-wan_orchestrator*cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arubanetworks	edgeconnect_sd-wan_orchestrator	*	cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator::::::::

References

support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

19.8%

JSON

Related for NVD:CVE-2024-41914

vulnrichment1 cvelist1 cve1