CVE-2023-37440
published 2023-08-22

Priority: P4 29
Severity: medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.43% (34.1th percentile)

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | edgeconnect_sd-wan_orchestrator | < 9.3.1 | 9.3.1 |
| hewlett_packard_enterprise | edgeconnect_sd-wan_orchestrator | Orchestrator 9.1.x – <=9.1.* | |
| hewlett_packard_enterprise | edgeconnect_sd-wan_orchestrator | Orchestrator 9.2.x – <=9.2.* | |
| hewlett_packard_enterprise | edgeconnect_sd-wan_orchestrator | Orchestrator 9.3.x – <=9.3.0 | |