CVE-2023-37433: Authenticated SQL Injection Vulnerabilities in EdgeConnect SD-WAN Orchestrator Web-based Management Interface
First published: Tue Aug 22 2023(Updated: )
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
Credit: security-alert@hpe.com security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.0.0<=9.0.5 | |
| Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.1.0<=9.1.7 | |
| Arubanetworks Edgeconnect Sd-wan Orchestrator | >=9.2.0<=9.2.5 | |
| Arubanetworks Edgeconnect Sd-wan Orchestrator | =9.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of these multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator?
The vulnerability ID is CVE-2023-37433.
What is the severity level of CVE-2023-37433?
The severity level of CVE-2023-37433 is high (8.1).
What is the affected software for CVE-2023-37433?
The affected software is Arubanetworks Edgeconnect Sd-wan Orchestrator version 9.0.0 to 9.0.5, 9.1.0 to 9.1.7, 9.2.0 to 9.2.5, and 9.3.0.
What can an authenticated remote attacker do with CVE-2023-37433?
An authenticated remote attacker can conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance, potentially obtaining and modifying data.
Is there any fix available for CVE-2023-37433?
Please refer to the official reference link provided by Aruba Networks for the fix and mitigation steps.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/arubanetworks
- canonical/arubanetworks edgeconnect sd-wan orchestrator
- version/arubanetworks edgeconnect sd-wan orchestrator/9.0.0
- version/arubanetworks edgeconnect sd-wan orchestrator/9.0.5
- version/arubanetworks edgeconnect sd-wan orchestrator/9.1.0
- version/arubanetworks edgeconnect sd-wan orchestrator/9.1.7
- version/arubanetworks edgeconnect sd-wan orchestrator/9.2.0
- version/arubanetworks edgeconnect sd-wan orchestrator/9.2.5
- version/arubanetworks edgeconnect sd-wan orchestrator/9.3.0