Lucene search

PRIOn knowledge basePRION:CVE-2023-37427

HistoryAug 22, 2023 - 7:16 p.m.

Design/Logic Flaw

2023-08-2219:16:00

PRIOn knowledge base

www.prio-n.com

web-based

management interface

edgeconnect

sd-wan

orchestrator

vulnerability

remote attacker

arbitrary commands

exploitation

root access

operating system

system compromise

nvd

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.6%

JSON

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

CPENameOperatorVersion
edgeconnect_sd-wan_orchestratoreq9.3.0
edgeconnect_sd-wan_orchestratorge9.0.0
edgeconnect_sd-wan_orchestratorle9.0.5
edgeconnect_sd-wan_orchestratorge9.2.0
edgeconnect_sd-wan_orchestratorle9.2.5
edgeconnect_sd-wan_orchestratorge9.1.0
edgeconnect_sd-wan_orchestratorle9.1.7

Name	Operator	Version
edgeconnect_sd-wan_orchestrator	eq	9.3.0
edgeconnect_sd-wan_orchestrator	ge	9.0.0
edgeconnect_sd-wan_orchestrator	le	9.0.5
edgeconnect_sd-wan_orchestrator	ge	9.2.0
edgeconnect_sd-wan_orchestrator	le	9.2.5
edgeconnect_sd-wan_orchestrator	ge	9.1.0
edgeconnect_sd-wan_orchestrator	le	9.1.7

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt