CVE-2022-37915
CRITICALAruba EdgeConnect Enterprise Orchestrator 9.1.0-9.1.3.40197 - Unauthenticated Remote Code Execution
Title source: llmDescription
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to a complete system compromise of Aruba EdgeConnect Enterprise Orchestration with versions 9.1.x branch only, Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197, Orchestrators upgraded to 9.1.x were not affected.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt
Scores
CVSS v3
9.8
EPSS
0.0373
EPSS Percentile
88.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
arubanetworks/aruba_edgeconnect_enterprise_orchestrator
9.1.0 - 9.1.3.40197
Published
Oct 28, 2022
Tracked Since
Feb 18, 2026