CVE-2022-43541
First published: Wed Nov 30 2022(Updated: )
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
Credit: security-alert@hpe.com security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| arubanetworks EdgeConnect enterprise | >=8.3.1.0<=8.3.7.1 | |
| arubanetworks EdgeConnect enterprise | >=9.0.0.0<=9.0.7.0 | |
| arubanetworks EdgeConnect enterprise | >=9.1.0.0<=9.1.3.0 | |
| arubanetworks EdgeConnect enterprise | >=9.2.0.0<=9.2.1.0 | |
| Aruba Networks EdgeConnect Enterprise | >=8.3.1.0<=8.3.7.1 | |
| Aruba Networks EdgeConnect Enterprise | >=9.0.0.0<=9.0.7.0 | |
| Aruba Networks EdgeConnect Enterprise | >=9.1.0.0<=9.1.3.0 | |
| Aruba Networks EdgeConnect Enterprise | >=9.2.0.0<=9.2.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-43541?
CVE-2022-43541 is considered a critical vulnerability due to its potential to allow remote authenticated users to execute arbitrary commands as root.
How do I fix CVE-2022-43541?
To fix CVE-2022-43541, update the Aruba EdgeConnect Enterprise software to the latest patched version provided by Aruba Networks.
Which versions are affected by CVE-2022-43541?
CVE-2022-43541 affects Aruba EdgeConnect Enterprise versions between 8.3.1.0 and 8.3.7.1, as well as 9.0.0.0 to 9.0.7.0, 9.1.0.0 to 9.1.3.0, and 9.2.0.0 to 9.2.1.0.
What could an attacker achieve by exploiting CVE-2022-43541?
Exploiting CVE-2022-43541 could allow an attacker to gain full control of the underlying operating system by executing arbitrary commands as root.
Who is affected by CVE-2022-43541?
Organizations using vulnerable versions of Aruba EdgeConnect Enterprise are at risk due to CVE-2022-43541.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/arubanetworks
- canonical/arubanetworks edgeconnect enterprise
- version/arubanetworks edgeconnect enterprise/8.3.1.0
- version/arubanetworks edgeconnect enterprise/8.3.7.1
- version/arubanetworks edgeconnect enterprise/9.0.0.0
- version/arubanetworks edgeconnect enterprise/9.0.7.0
- version/arubanetworks edgeconnect enterprise/9.1.0.0
- version/arubanetworks edgeconnect enterprise/9.1.3.0
- version/arubanetworks edgeconnect enterprise/9.2.0.0
- version/arubanetworks edgeconnect enterprise/9.2.1.0
- canonical/aruba networks edgeconnect enterprise
- version/aruba networks edgeconnect enterprise/8.3.1.0
- version/aruba networks edgeconnect enterprise/8.3.7.1
- version/aruba networks edgeconnect enterprise/9.0.0.0
- version/aruba networks edgeconnect enterprise/9.0.7.0
- version/aruba networks edgeconnect enterprise/9.1.0.0
- version/aruba networks edgeconnect enterprise/9.1.3.0
- version/aruba networks edgeconnect enterprise/9.2.0.0
- version/aruba networks edgeconnect enterprise/9.2.1.0