CVE-2023-37428 - Vulnerability Details

Vendors	Products
Arubanetworks	Edgeconnect Sd-wan Orchestrator
Hpe	Edgeconnect Sd-wan Orchestrator

Link	Providers
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt

Type	Values Removed	Values Added
First Time appeared		Hpe Hpe edgeconnect Sd-wan Orchestrator
CPEs		cpe:2.3:a:hpe:edgeconnect_sd-wan_orchestrator::::::::
Vendors & Products		Hpe Hpe edgeconnect Sd-wan Orchestrator
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37428", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "state": "PUBLISHED", "assignerShortName": "hpe", "dateReserved": "2023-07-05T17:36:47.997Z", "datePublished": "2023-08-22T18:04:50.122Z", "dateUpdated": "2024-10-03T14:48:07.190Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "EdgeConnect SD-WAN Orchestrator", "vendor": "Hewlett Packard Enterprise (HPE)", "versions": [{"lessThanOrEqual": "<=9.3.0", "status": "affected", "version": "Orchestrator 9.3.x", "versionType": "semver"}, {"lessThanOrEqual": "<=9.2.5", "status": "affected", "version": "Orchestrator 9.2.x", "versionType": "semver"}, {"lessThanOrEqual": "<=9.1.7", "status": "affected", "version": "Orchestrator 9.1.x", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Daniel Jensen (@dozernz)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in the EdgeConnect SD-WAN Orchestrator&nbsp;web-based management interface allows remote authenticated&nbsp;users to run arbitrary commands on the underlying host.&nbsp;A successful exploit could allow an attacker to execute&nbsp;arbitrary commands as root on the underlying operating system&nbsp;leading to complete system compromise."}], "value": "A vulnerability in the EdgeConnect SD-WAN Orchestrator\u00a0web-based management interface allows remote authenticated\u00a0users to run arbitrary commands on the underlying host.\u00a0A successful exploit could allow an attacker to execute\u00a0arbitrary commands as root on the underlying operating system\u00a0leading to complete system compromise."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-08-22T18:04:50.122Z"}, "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:29.573Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "hpe", "product": "edgeconnect_sd-wan_orchestrator", "cpes": ["cpe:2.3:a:hpe:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9.1x", "status": "affected", "lessThanOrEqual": "9.1.7", "versionType": "semver"}, {"version": "9.2x", "status": "affected", "lessThanOrEqual": "9.2.5", "versionType": "semver"}, {"version": "9.3x", "status": "affected", "lessThanOrEqual": "9.3.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T14:45:59.634603Z", "id": "CVE-2023-37428", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T14:48:07.190Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-37428 (string)

assignerOrgId : eb103674-0d28-4225-80f8-39fb86215de0 (string)

state : PUBLISHED (string)

assignerShortName : hpe (string)

dateReserved : 2023-07-05T17:36:47.997Z (string)

datePublished : 2023-08-22T18:04:50.122Z (string)

dateUpdated : 2024-10-03T14:48:07.190Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : affected (string)

product : EdgeConnect SD-WAN Orchestrator (string)

vendor : Hewlett Packard Enterprise (HPE) (string)

versions : [ »

0 : { »

lessThanOrEqual : <=9.3.0 (string)

status : affected (string)

version : Orchestrator 9.3.x (string)

versionType : semver (string)

}

1 : { »

lessThanOrEqual : <=9.2.5 (string)

status : affected (string)

version : Orchestrator 9.2.x (string)

versionType : semver (string)

}

2 : { »

lessThanOrEqual : <=9.1.7 (string)

status : affected (string)

version : Orchestrator 9.1.x (string)

versionType : semver (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Daniel Jensen (@dozernz) (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. (string)

}

]

value : A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

providerMetadata : { »

orgId : eb103674-0d28-4225-80f8-39fb86215de0 (string)

shortName : hpe (string)

dateUpdated : 2023-08-22T18:04:50.122Z (string)

}

references : [ »

0 : { »

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:16:29.573Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

affected : [ »

0 : { »

vendor : hpe (string)

product : edgeconnect_sd-wan_orchestrator (string)

cpes : [ »

0 : cpe:2.3:a:hpe:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 9.1x (string)

status : affected (string)

lessThanOrEqual : 9.1.7 (string)

versionType : semver (string)

}

1 : { »

version : 9.2x (string)

status : affected (string)

lessThanOrEqual : 9.2.5 (string)

versionType : semver (string)

}

2 : { »

version : 9.3x (string)

status : affected (string)

lessThanOrEqual : 9.3.0 (string)

versionType : semver (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-03T14:45:59.634603Z (string)

id : CVE-2023-37428 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-03T14:48:07.190Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:29.573Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-37428", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-03T14:45:59.634603Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hpe:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*"], "vendor": "hpe", "product": "edgeconnect_sd-wan_orchestrator", "versions": [{"status": "affected", "version": "9.1x", "versionType": "semver", "lessThanOrEqual": "9.1.7"}, {"status": "affected", "version": "9.2x", "versionType": "semver", "lessThanOrEqual": "9.2.5"}, {"status": "affected", "version": "9.3x", "versionType": "semver", "lessThanOrEqual": "9.3.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T14:47:59.780Z"}}], "cna": {"title": "Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Daniel Jensen (@dozernz)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hewlett Packard Enterprise (HPE)", "product": "EdgeConnect SD-WAN Orchestrator", "versions": [{"status": "affected", "version": "Orchestrator 9.3.x", "versionType": "semver", "lessThanOrEqual": "<=9.3.0"}, {"status": "affected", "version": "Orchestrator 9.2.x", "versionType": "semver", "lessThanOrEqual": "<=9.2.5"}, {"status": "affected", "version": "Orchestrator 9.1.x", "versionType": "semver", "lessThanOrEqual": "<=9.1.7"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the EdgeConnect SD-WAN Orchestrator\u00a0web-based management interface allows remote authenticated\u00a0users to run arbitrary commands on the underlying host.\u00a0A successful exploit could allow an attacker to execute\u00a0arbitrary commands as root on the underlying operating system\u00a0leading to complete system compromise.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability in the EdgeConnect SD-WAN Orchestrator&nbsp;web-based management interface allows remote authenticated&nbsp;users to run arbitrary commands on the underlying host.&nbsp;A successful exploit could allow an attacker to execute&nbsp;arbitrary commands as root on the underlying operating system&nbsp;leading to complete system compromise.", "base64": false}]}], "providerMetadata": {"orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe", "dateUpdated": "2023-08-22T18:04:50.122Z"}}}, "cveMetadata": {"cveId": "CVE-2023-37428", "state": "PUBLISHED", "dateUpdated": "2024-10-03T14:48:07.190Z", "dateReserved": "2023-07-05T17:36:47.997Z", "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "datePublished": "2023-08-22T18:04:50.122Z", "assignerShortName": "hpe"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:16:29.573Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-37428 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-03T14:45:59.634603Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:hpe:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* (string)

]

vendor : hpe (string)

product : edgeconnect_sd-wan_orchestrator (string)

versions : [ »

0 : { »

status : affected (string)

version : 9.1x (string)

versionType : semver (string)

lessThanOrEqual : 9.1.7 (string)

}

1 : { »

status : affected (string)

version : 9.2x (string)

versionType : semver (string)

lessThanOrEqual : 9.2.5 (string)

}

2 : { »

status : affected (string)

version : 9.3x (string)

versionType : semver (string)

lessThanOrEqual : 9.3.0 (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-03T14:47:59.780Z (string)

}

]

cna : { »

title : Authenticated Remote Code Execution via Path Traversal in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface (string)

source : { »

discovery : UNKNOWN (string)

}

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Daniel Jensen (@dozernz) (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 7.2 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Hewlett Packard Enterprise (HPE) (string)

product : EdgeConnect SD-WAN Orchestrator (string)

versions : [ »

0 : { »

status : affected (string)

version : Orchestrator 9.3.x (string)

versionType : semver (string)

lessThanOrEqual : <=9.3.0 (string)

}

1 : { »

status : affected (string)

version : Orchestrator 9.2.x (string)

versionType : semver (string)

lessThanOrEqual : <=9.2.5 (string)

}

2 : { »

status : affected (string)

version : Orchestrator 9.1.x (string)

versionType : semver (string)

lessThanOrEqual : <=9.1.7 (string)

}

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt (string)

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. (string)

base64 : false (boolean)

}

]

}

]

providerMetadata : { »

orgId : eb103674-0d28-4225-80f8-39fb86215de0 (string)

shortName : hpe (string)

dateUpdated : 2023-08-22T18:04:50.122Z (string)

}

cveMetadata : { »

cveId : CVE-2023-37428 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-03T14:48:07.190Z (string)

dateReserved : 2023-07-05T17:36:47.997Z (string)

assignerOrgId : eb103674-0d28-4225-80f8-39fb86215de0 (string)

datePublished : 2023-08-22T18:04:50.122Z (string)

assignerShortName : hpe (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E893AD7-C02C-4608-AF2E-01FDF300DFF0", "versionEndIncluding": "9.0.5", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "A49FCAD2-9EAA-4A38-9416-96C130C6E3CE", "versionEndIncluding": "9.1.7", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B72D752-0E1E-4D9F-8DE7-848EA8161402", "versionEndIncluding": "9.2.5", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "141D0310-AE35-48FA-953A-1F2019370717", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the EdgeConnect SD-WAN Orchestrator\u00a0web-based management interface allows remote authenticated\u00a0users to run arbitrary commands on the underlying host.\u00a0A successful exploit could allow an attacker to execute\u00a0arbitrary commands as root on the underlying operating system\u00a0leading to complete system compromise."}], "id": "CVE-2023-37428", "lastModified": "2024-11-21T08:11:41.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-alert@hpe.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-22T19:16:37.423", "references": [{"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5E893AD7-C02C-4608-AF2E-01FDF300DFF0 (string)

versionEndIncluding : 9.0.5 (string)

versionStartIncluding : 9.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A49FCAD2-9EAA-4A38-9416-96C130C6E3CE (string)

versionEndIncluding : 9.1.7 (string)

versionStartIncluding : 9.1.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7B72D752-0E1E-4D9F-8DE7-848EA8161402 (string)

versionEndIncluding : 9.2.5 (string)

versionStartIncluding : 9.2.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:arubanetworks:edgeconnect_sd-wan_orchestrator:9.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 141D0310-AE35-48FA-953A-1F2019370717 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. (string)

}

]

id : CVE-2023-37428 (string)

lastModified : 2024-11-21T08:11:41.380 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.9 (number)

source : security-alert@hpe.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-08-22T19:16:37.423 (string)

references : [ »

0 : { »

source : security-alert@hpe.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt (string)

}

]

sourceIdentifier : security-alert@hpe.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object