CVE-2024-41136

Summary

An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking EdgeConnect SD-WANECOS 9.3.x.x: 9.3.3.0 and below <= <=9.3.3.0affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking EdgeConnect SD-WANECOS 9.2.x.x: 9.2.9.0 and below <= <=9.2.9.0affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking EdgeConnect SD-WANECOS 9.1.x.x: 9.1.11.0 and below <= <=9.1.11.0affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking EdgeConnect SD-WANECOS 9.0.x.x: all builds are affected and are out of maintenance. <= <=9.0.x.xaffected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking EdgeConnect SD-WANECOS 8.0.x.x: all builds are affected and are out of maintenance. <= <=8.0.x.xaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References