Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | Aruba Released Patches for EdgeConnect’s Critical Vulnerabilities
Table Of Content
Home

Resources

Blog
Oct 13, 2022
3 Mins Read

Aruba Released Patches for EdgeConnect’s Critical Vulnerabilities

Aruba released security updates to fix several critical vulnerabilities. The vulnerabilities were found in its popular WAN management tool, EdgeConnect Enterprise Orchestrator. Successful exploitation could let a remote attacker access systems and execute commands. 

Affected products: 

  • EdgeConnect Enterprise Orchestrator (on-premises) 
  • EdgeConnect Enterprise Orchestrator-as-a-Service 
  • EdgeConnect Enterprise Orchestrator-SP and EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators 
  • Orchestrator 9.1.2.40051 and below 
  • Orchestrator 9.0.7.40108 and below 
  • Orchestrator 8.10.23.40009 and below 

Aruba’s EdgeConnect Orchestrator provides enterprise users with optimization, administration, automation, and monitoring features. Thus, the vulnerabilities it contains can easily endanger systems and networks.

About Vulnerabilities 

The patch provided by Aruba fixes the vulnerabilities tracked as CVE-2022-37913CVE-2022-37914, and CVE-2022-37915, which all have CVSS scores of 9.8. The flaws were found in the products’ web-based management interface. 

CVE-2022-37913 and CVE-2022-37914 are authentication bypass vulnerabilities. They might enable a remote, unauthenticated attacker to get past authentication and eventually take control of the system by gaining administrative privileges

The flaw CVE-2022-37915 could enable an unauthenticated attacker to execute codes remotely on the underlying host and compromise the system.

Workaround Available 

Aruba advises that the CLI and web-based management interfaces be limited to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above to reduce the possibility of an attacker exploiting these vulnerabilities. 

As of right now, Aruba has not observed any talks or proof-of-concept exploits that target their vulnerabilities or identified active exploitation. 

However, given the seriousness of the issues and the widespread use of EdgeConnect in important environments, it is reasonable to expect attackers to try to develop exploits for the flaws. 

Aruba Released Patches 

These are the versions that fix the severe security vulnerabilities: 

  • Aruba EdgeConnect Enterprise Orchestrator 9.2.0.40405 and above 
  • Aruba EdgeConnect Enterprise Orchestrator 9.1.3.40197 and above 
  • Aruba EdgeConnect Enterprise Orchestrator 9.0.7.40110 and above 
  • Aruba EdgeConnect Enterprise Orchestrator 8.10.23.40015 and above 

The vendor doesn’t support older versions; therefore, they won’t get a security upgrade for the vulnerabilities mentioned above. It is suggested that customers of previous versions upgrade to a newer product release as soon as possible.

Related Articles
SOCRadar® Cyber Intelligence Inc. | OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
Apr 18, 2024
SOCRadar® Cyber Intelligence Inc. | CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: March 2024
Major Cyber Attacks in Review: March 2024
Apr 16, 2024