Skip to main content

Edgeconnect Sd Wan Orchestrator CVE-2023-37421

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-08-22 security-alert@hpe.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 22, 2023 - 19:16 nvd
MEDIUM 5.4

DescriptionNVD

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

AnalysisAI

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. Affected products include: Arubanetworks Edgeconnect Sd-Wan Orchestrator.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2025-37184 CRITICAL
9.8 Jan 14

An Orchestrator service allows unauthenticated attackers to bypass MFA and create admin accounts without multi-factor au

CVE-2024-41914 CRITICAL
9.0 Jul 24

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated re

CVE-2024-41136 HIGH
8.8 Jul 24

An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command

CVE-2024-22443 HIGH
8.8 Jul 24

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated re

CVE-2023-37434 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37433 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37432 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37431 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37430 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37429 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37424 HIGH
8.1 Aug 22

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated

CVE-2023-37426 HIGH
7.5 Aug 22

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared stat

Share

CVE-2023-37421 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy