CVE-2023-37440
Published 2023-08-22
Priority: P4 (29) | Severity: medium | CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.43% (34.1th percentile)
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | edgeconnect_sd-wan_orchestrator | < 9.3.1 | 9.3.1 |
| hewlett_packard_enterprise | edgeconnect_sd-wan_orchestrator | Orchestrator 9.1.x – <=9.1.* | — |
| hewlett_packard_enterprise | edgeconnect_sd-wan_orchestrator | Orchestrator 9.2.x – <=9.2.* | — |
| hewlett_packard_enterprise | edgeconnect_sd-wan_orchestrator | Orchestrator 9.3.x – <=9.3.0 | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-08-22
Published