CVE-2024-22443

Published: Jul 24, 2024Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Affected (4)

Products: Arubanetworks: Edgeconnect Sd Wan Orchestrator

Arubanetworks

1 product

Edgeconnect Sd Wan Orchestrator

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Edgeconnect Sd Wan Orchestrator	From 9.1.0 to 9.1.10
Arubanetworks Edgeconnect Sd Wan Orchestrator	From 9.2.0 to 9.2.10
Arubanetworks Edgeconnect Sd Wan Orchestrator	From 9.3.0 to 9.3.3
Arubanetworks Edgeconnect Sd Wan Orchestrator	From 9.4.0 to 9.4.2

Related CWEs

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

References (2)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.