Lucene search

K
vulnrichmentHpeVULNRICHMENT:CVE-2024-22443
HistoryJul 24, 2024 - 3:08 p.m.

CVE-2024-22443

2024-07-2415:08:07
hpe
github.com
5
edgeconnect
sd-wan orchestrator
remote attacker
server-side
prototype pollution
command execution

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

19.8%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.2.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "edgeconnect_sd-wan_orchestrator",
    "versions": [
      {
        "status": "affected",
        "version": "9.2.0",
        "versionType": "semver",
        "lessThanOrEqual": "9.2.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "edgeconnect_sd-wan_orchestrator",
    "versions": [
      {
        "status": "affected",
        "version": "9.3.0",
        "versionType": "semver",
        "lessThanOrEqual": "9.3.2"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.1.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "edgeconnect_sd-wan_orchestrator",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.0",
        "versionType": "semver",
        "lessThanOrEqual": "9.1.9"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.4.0:*:*:*:*:*:*:*"
    ],
    "vendor": "arubanetworks",
    "product": "edgeconnect_sd-wan_orchestrator",
    "versions": [
      {
        "status": "affected",
        "version": "9.4.0",
        "versionType": "semver",
        "lessThanOrEqual": "9.4.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

19.8%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

Related for VULNRICHMENT:CVE-2024-22443