cbcvebase.
CVE-2024-41133
published 2024-07-24

CVE-2024-41133: A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary…

PriorityP349high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.75%
50.4th percentile
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise

Affected

5 ranges
VendorProductVersion rangeFixed in
hewlett_packard_enterprisehpe_aruba_networking_edgeconnect_sd-wanECOS 8.0.x.x: all builds are affected and are out of maintenance. – <=8.0.x.x
hewlett_packard_enterprisehpe_aruba_networking_edgeconnect_sd-wanECOS 9.0.x.x: all builds are affected and are out of maintenance. – <=9.0.x.x
hewlett_packard_enterprisehpe_aruba_networking_edgeconnect_sd-wanECOS 9.1.x.x: 9.1.11.0 and below – <=9.1.11.0
hewlett_packard_enterprisehpe_aruba_networking_edgeconnect_sd-wanECOS 9.2.x.x: 9.2.9.0 and below – <=9.2.9.0
hewlett_packard_enterprisehpe_aruba_networking_edgeconnect_sd-wanECOS 9.3.x.x: 9.3.3.0 and below – <=9.3.3.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.