CVE-2023-37426

EPSS 0.25%
Published 22.08.2023 19:16:37
Last modified 21.11.2024 08:11:41
Source security-alert@hpe.com
Teams watchlist Login
Open Login

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator
host.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Arubanetworks ≫ Edgeconnect Sd-wan Orchestrator Version >= 9.0.0 <= 9.0.5

Arubanetworks ≫ Edgeconnect Sd-wan Orchestrator Version >= 9.1.0 <= 9.1.7

Arubanetworks ≫ Edgeconnect Sd-wan Orchestrator Version >= 9.2.0 <= 9.2.5

Arubanetworks ≫ Edgeconnect Sd-wan Orchestrator Version9.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.479

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-alert@hpe.com	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-37426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-37426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-37426

EUVD