CVE-2022-37919

Published: Dec 12, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below;

Affected (4)

Products: Arubanetworks: Edgeconnect Enterprise

Arubanetworks

1 product

Edgeconnect Enterprise

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Edgeconnect Enterprise	From 8.3.1.0 to 8.3.7.1
Arubanetworks Edgeconnect Enterprise	From 9.0.0.0 to 9.0.7.0
Arubanetworks Edgeconnect Enterprise	From 9.1.0.0 to 9.1.3.0
Arubanetworks Edgeconnect Enterprise	From 9.2.0.0 to 9.2.1.0

References (2)

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt

Source: security-alert@hpe.com

Vendor Advisory

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.