CVE-2024-41136
24.07.2024, 21:15
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
| Vendor | Product | Version |
|---|---|---|
| arubanetworks | edgeconnect_sd-wan_orchestrator | 9.3.3.0 ≤ 𝑥 ≤ 9.3.3.0 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | 9.2.9.0 ≤ 𝑥 ≤ 9.2.9.0 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | 9.1.11.0 ≤ 𝑥 ≤ 9.1.11.0 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | 9.1.0 < 𝑥 < 9.1.0 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | 8.0.1 < 𝑥 < 8.0.1 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | 9.1.0 ≤ 𝑥 ≤ 9.1.11 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | 9.2.0 ≤ 𝑥 ≤ 9.2.9 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | 8.0.0 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | 9.0.0 |
| arubanetworks | edgeconnect_sd-wan_orchestrator | 9.3.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.