Edgeconnect Enterprise
CVE-2022-37919
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below;
AnalysisAI
A vulnerability exists in the API of Aruba EdgeConnect Enterprise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below; Affected products include: Arubanetworks Edgeconnect Enterprise.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Edgeconnect Enterprise
View allVulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users t
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users t
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users t
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users t
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users t
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users t
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbit
A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authenticated users to run ar
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbit
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbit
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbit
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbit
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today