Skip to main content

Edgeconnect Sd Wan Orchestrator CVE-2023-37431

HIGH
SQL Injection (CWE-89)
2023-08-22 security-alert@hpe.com
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 22, 2023 - 19:16 nvd
HIGH 8.1

DescriptionNVD

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.

AnalysisAI

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. Affected products include: Arubanetworks Edgeconnect Sd-Wan Orchestrator.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2025-37184 CRITICAL
9.8 Jan 14

An Orchestrator service allows unauthenticated attackers to bypass MFA and create admin accounts without multi-factor au

CVE-2024-41914 CRITICAL
9.0 Jul 24

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated re

CVE-2024-41136 HIGH
8.8 Jul 24

An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command

CVE-2024-22443 HIGH
8.8 Jul 24

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated re

CVE-2023-37434 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37433 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37432 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37430 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37429 HIGH
8.1 Aug 22

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authent

CVE-2023-37424 HIGH
8.1 Aug 22

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated

CVE-2023-37426 HIGH
7.5 Aug 22

EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared stat

CVE-2025-37183 HIGH
7.2 Jan 14

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated re

Share

CVE-2023-37431 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy