CVE-2024-41914

Summary

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard EnterpriseHPE Aruba Networking EdgeConnect SD-WAN OrchestratorEdgeConnect SD-WAN Orchestrator 9.4.x: Orchestrator 9.4.1 (all builds) and below <= <=9.4.1affected
Hewlett Packard EnterpriseHPE Aruba Networking EdgeConnect SD-WAN OrchestratorEdgeConnect SD-WAN Orchestrator 9.3.x: Orchestrator 9.3.2 (all builds) and below <= <=9.3.2affected
Hewlett Packard EnterpriseHPE Aruba Networking EdgeConnect SD-WAN OrchestratorEdgeConnect SD-WAN Orchestrator 9.2.x: Orchestrator 9.2.9 (all builds) and below <= <=9.2.9affected
Hewlett Packard EnterpriseHPE Aruba Networking EdgeConnect SD-WAN OrchestratorEdgeConnect SD-WAN Orchestrator 9.1.x: Orchestrator 9.1.9 (all builds) and below <= <=9.1.9affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References