CVE-2024-33519

HIGH

HPE Aruba Networking EdgeConnect - RCE

Title source: llm

Description

A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

References (1)

[Various Sources] https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt

Scores

CVSS v3 7.2

EPSS 0.0067

EPSS Percentile 71.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1321

Status published

Products (5)

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking EdgeConnect SD-WAN ECOS 8.0.x.x: all builds are affected and are out of maintenance. - <=8.0.x.x

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.0.x.x: all builds are affected and are out of maintenance. - <=9.0.x.x

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.1.x.x: 9.1.11.0 and below - <=9.1.11.0

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.2.x.x: 9.2.9.0 and below - <=9.2.9.0

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking EdgeConnect SD-WAN ECOS 9.3.x.x: 9.3.3.0 and below - <=9.3.3.0

Published Jul 24, 2024

Tracked Since Feb 18, 2026