HpeVULNRICHMENT:CVE-2024-41136CVE-2024-41136 Authenticated Command Injection in HPE Aruba Networking EdgeConnect SD-WAN Command Line Interface
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
20.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CNA Affected
[
{
"vendor": "Hewlett Packard Enterprise (HPE)",
"product": "HPE Aruba Networking EdgeConnect SD-WAN",
"versions": [
{
"status": "affected",
"version": "ECOS 9.3.x.x: 9.3.3.0 and below",
"versionType": "semver",
"lessThanOrEqual": "<=9.3.3.0"
},
{
"status": "affected",
"version": "ECOS 9.2.x.x: 9.2.9.0 and below",
"versionType": "semver",
"lessThanOrEqual": "<=9.2.9.0"
},
{
"status": "affected",
"version": "ECOS 9.1.x.x: 9.1.11.0 and below",
"versionType": "semver",
"lessThanOrEqual": "<=9.1.11.0"
},
{
"status": "affected",
"version": "ECOS 9.0.x.x: all builds are affected and are out of maintenance.",
"versionType": "semver",
"lessThanOrEqual": "<=9.0.x.x"
},
{
"status": "affected",
"version": "ECOS 8.0.x.x: all builds are affected and are out of maintenance.",
"versionType": "semver",
"lessThanOrEqual": "<=8.0.x.x"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*"
],
"vendor": "arubanetworks",
"product": "edgeconnect_sd-wan_orchestrator",
"versions": [
{
"status": "affected",
"version": "9.3.0",
"versionType": "semver",
"lessThanOrEqual": "9.3.3.0"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.2.0:*:*:*:*:*:*:*"
],
"vendor": "arubanetworks",
"product": "edgeconnect_sd-wan_orchestrator",
"versions": [
{
"status": "affected",
"version": "9.2.0",
"versionType": "semver",
"lessThanOrEqual": "9.2.9.0"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.1.0:*:*:*:*:*:*:*"
],
"vendor": "arubanetworks",
"product": "edgeconnect_sd-wan_orchestrator",
"versions": [
{
"status": "affected",
"version": "9.1.0",
"versionType": "semver",
"lessThanOrEqual": "9.1.11.0"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.0.0:*:*:*:*:*:*:*"
],
"vendor": "arubanetworks",
"product": "edgeconnect_sd-wan_orchestrator",
"versions": [
{
"status": "affected",
"version": "9.0.0",
"lessThan": "9.1.0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:8.0.0:*:*:*:*:*:*:*"
],
"vendor": "arubanetworks",
"product": "edgeconnect_sd-wan_orchestrator",
"versions": [
{
"status": "affected",
"version": "8.0.0",
"lessThan": "8.0.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
20.1%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total