Vulnerabilities > CVE-2022-37914 - Unspecified vulnerability in Arubanetworks Aruba Edgeconnect Enterprise Orchestrator

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

arubanetworks

critical

NVD

Published: 2022-10-28

Updated: 2023-08-08

Summary

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned.

Vulnerable Configurations

Part	Description	Count
Application	Arubanetworks Arubanetworks Aruba Edgeconnect Enterprise Orchestrator * Arubanetworks Aruba Edgeconnect Enterprise Orchestrator -	8

References

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt