CVE-2023-37432: Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface
First published: Tue Aug 22 2023(Updated: )
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
Credit: security-alert@hpe.com security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.0.0<=9.0.5 | |
| Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.1.0<=9.1.7 | |
| Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.2.0<=9.2.5 | |
| Arubanetworks Edgeconnect Sd-wan Orchestrator | =9.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-37432?
CVE-2023-37432 is a vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator that could allow an authenticated remote attacker to conduct SQL injection attacks.
How does CVE-2023-37432 affect Arubanetworks Edgeconnect Sd-wan Orchestrator?
CVE-2023-37432 affects Arubanetworks Edgeconnect Sd-wan Orchestrator versions between 9.0.0 and 9.0.5, 9.1.0 and 9.1.7, and 9.2.0 and 9.2.5, as well as version 9.3.0.
What is the severity of CVE-2023-37432?
CVE-2023-37432 has a severity rating of 8.1 (high).
How can an attacker exploit CVE-2023-37432?
An attacker can exploit CVE-2023-37432 by conducting SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance.
Is there a fix for CVE-2023-37432?
Yes, it is recommended to upgrade Arubanetworks Edgeconnect Sd-wan Orchestrator to a version that is not affected by CVE-2023-37432.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/arubanetworks
- canonical/arubanetworks edgeconnect sd-wan orchestrator
- version/arubanetworks edgeconnect sd-wan orchestrator/9.0.0
- version/arubanetworks edgeconnect sd-wan orchestrator/9.0.5
- version/arubanetworks edgeconnect sd-wan orchestrator/9.1.0
- version/arubanetworks edgeconnect sd-wan orchestrator/9.1.7
- version/arubanetworks edgeconnect sd-wan orchestrator/9.2.0
- version/arubanetworks edgeconnect sd-wan orchestrator/9.2.5
- version/arubanetworks edgeconnect sd-wan orchestrator/9.3.0