CVE-2023-37440

Summary

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal     structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)EdgeConnect SD-WAN OrchestratorOrchestrator 9.3.x <= <=9.3.0affected
Hewlett Packard Enterprise (HPE)EdgeConnect SD-WAN OrchestratorOrchestrator 9.2.x <= <=9.2.*affected
Hewlett Packard Enterprise (HPE)EdgeConnect SD-WAN OrchestratorOrchestrator 9.1.x <= <=9.1.*affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References