CVE-2024-22443
published 2024-07-24


Priority: P261 | Severity: high | CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.78% (51.2th percentile)

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| arubanetworks | edgeconnect_sd-wan_orchestrator | >= 9.1.0 < 9.1.10 | 9.1.10 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | >= 9.2.0 < 9.2.10 | 9.2.10 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | >= 9.3.0 < 9.3.3 | 9.3.3 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | >= 9.4.0 < 9.4.2 | 9.4.2 |
| hewlett_packard_enterprise | hpe_aruba_networking_edgeconnect_sd-wan_orchestrator | EdgeConnect SD-WAN Orchestrator 9.1.x: Orchestrator 9.1.9 (all builds) and below – <=9.1.9 | |
| hewlett_packard_enterprise | hpe_aruba_networking_edgeconnect_sd-wan_orchestrator | EdgeConnect SD-WAN Orchestrator 9.2.x: Orchestrator 9.2.9 (all builds) and below – <=9.2.9 | |
| hewlett_packard_enterprise | hpe_aruba_networking_edgeconnect_sd-wan_orchestrator | EdgeConnect SD-WAN Orchestrator 9.3.x: Orchestrator 9.3.2 (all builds) and below – <=9.3.2 | |
| hewlett_packard_enterprise | hpe_aruba_networking_edgeconnect_sd-wan_orchestrator | EdgeConnect SD-WAN Orchestrator 9.4.x: Orchestrator 9.4.1 (all builds) and below – <=9.4.1 | |