Design/Logic Flaw

2022-12-1213:15:00

PRIOn knowledge base

www.prio-n.com

aruba edgeconnect

remote authenticated

arbitrary commands

system compromise

version vulnerability

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.7%

JSON

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

CPENameOperatorVersion
edgeconnect_enterprisege9.0.0.0
edgeconnect_enterprisele9.0.7.0
edgeconnect_enterprisege9.1.0.0
edgeconnect_enterprisele9.1.3.0
edgeconnect_enterprisege9.2.0.0
edgeconnect_enterprisele9.2.1.0
edgeconnect_enterprisege8.3.1.0
edgeconnect_enterprisele8.3.7.1

Name	Operator	Version
edgeconnect_enterprise	ge	9.0.0.0
edgeconnect_enterprise	le	9.0.7.0
edgeconnect_enterprise	ge	9.1.0.0
edgeconnect_enterprise	le	9.1.3.0
edgeconnect_enterprise	ge	9.2.0.0
edgeconnect_enterprise	le	9.2.1.0
edgeconnect_enterprise	ge	8.3.1.0
edgeconnect_enterprise	le	8.3.7.1

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt