CVE-2022-37914
CRITICAL
Aruba EdgeConnect Enterprise Orchestrator < 8.10.23.40009 - Unauthenticated Authentication Bypass
Title source: llm
Description
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned.
References (1)
Core References
Mitigation, Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt
Scores
CVSS v3: 9.8
EPSS: 0.0506
EPSS Percentile: 89.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-287
Status: published
Products (1)
arubanetworks/aruba_edgeconnect_enterprise_orchestrator
< 8.10.23.40009 (4 CPE variants)
Published: Oct 28, 2022
Tracked Since: Feb 18, 2026