CVE-2024-22444

Summary

A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victims browser in the context of the affected interface.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard EnterpriseHPE Aruba Networking EdgeConnect SD-WAN OrchestratorEdgeConnect SD-WAN Orchestrator 9.4.x: Orchestrator 9.4.1 (all builds) and below <= <=9.4.1affected
Hewlett Packard EnterpriseHPE Aruba Networking EdgeConnect SD-WAN OrchestratorEdgeConnect SD-WAN Orchestrator 9.3.x: Orchestrator 9.3.2 (all builds) and below <= <=9.3.2affected
Hewlett Packard EnterpriseHPE Aruba Networking EdgeConnect SD-WAN OrchestratorEdgeConnect SD-WAN Orchestrator 9.2.x: Orchestrator 9.2.9 (all builds) and below <= <=9.2.9affected
Hewlett Packard EnterpriseHPE Aruba Networking EdgeConnect SD-WAN OrchestratorEdgeConnect SD-WAN Orchestrator 9.1.x: Orchestrator 9.1.9 (all builds) and below <= <=9.1.9affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References