CVE-2022-37914

Published: Oct 28, 2022Modified: May 7, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned.

Affected (12)

Products: Arubanetworks: Aruba Edgeconnect Enterprise Orchestrator

Arubanetworks

1 product

Aruba Edgeconnect Enterprise Orchestrator

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	Before 8.10.23.40009
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	From 9.0.0 to 9.0.7.40108
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	From 9.1.0 to 9.1.3.40197

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	Before 8.10.23.40009
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	From 9.0.0 to 9.0.7.40108
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	From 9.1.0 to 9.1.3.40197

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	Before 8.10.23.40009
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	From 9.0.0 to 9.0.7.40108
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	From 9.1.0 to 9.1.3.40197

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	Before 8.10.23.40009
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	From 9.0.0 to 9.0.7.40108
Arubanetworks Aruba Edgeconnect Enterprise Orchestrator	From 9.1.0 to 9.1.3.40197

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt

Source: security-alert@hpe.com

MitigationVendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.