Design/Logic Flaw

2022-12-1213:15:00

PRIOn knowledge base

www.prio-n.com

aruba edgeconnect

command line interface

remote authenticated users

arbitrary commands

system compromise

ecos 9.2.1.0

ecos 9.1.3.0

ecos 9.0.7.0

ecos 8.3.7.1

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%

JSON

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

CPENameOperatorVersion
edgeconnect_enterprisege9.0.0.0
edgeconnect_enterprisele9.0.7.0
edgeconnect_enterprisege9.1.0.0
edgeconnect_enterprisele9.1.3.0
edgeconnect_enterprisege9.2.0.0
edgeconnect_enterprisele9.2.1.0
edgeconnect_enterprisege8.3.1.0
edgeconnect_enterprisele8.3.7.1

Name	Operator	Version
edgeconnect_enterprise	ge	9.0.0.0
edgeconnect_enterprise	le	9.0.7.0
edgeconnect_enterprise	ge	9.1.0.0
edgeconnect_enterprise	le	9.1.3.0
edgeconnect_enterprise	ge	9.2.0.0
edgeconnect_enterprise	le	9.2.1.0
edgeconnect_enterprise	ge	8.3.1.0
edgeconnect_enterprise	le	8.3.7.1

References

www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt