Vulnerability Details : CVE-2022-37913
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2022-37913
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » As-a-service Edition
  Versions from including (>=) 9.0.0 and before (<) 9.0.7.40108
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:as-a-service:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » On-premises Edition
  Versions before (<) 8.10.23.40009
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:on-premises:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » SP Edition
  Versions from including (>=) 9.1.0 and before (<) 9.1.3.40197
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:sp:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » Global Enterprise Tenant Orchestrators Edition
  Versions before (<) 8.10.23.40009
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:global_enterprise_tenant_orchestrators:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » Global Enterprise Tenant Orchestrators Edition
  Versions from including (>=) 9.1.0 and before (<) 9.1.3.40197
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:global_enterprise_tenant_orchestrators:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » As-a-service Edition
  Versions before (<) 8.10.23.40009
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:as-a-service:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » Global Enterprise Tenant Orchestrators Edition
  Versions from including (>=) 9.0.0 and before (<) 9.0.7.40108
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:global_enterprise_tenant_orchestrators:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » As-a-service Edition
  Versions from including (>=) 9.1.0 and before (<) 9.1.3.40197
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:as-a-service:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » SP Edition
  Versions before (<) 8.10.23.40009
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:sp:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » On-premises Edition
  Versions from including (>=) 9.1.0 and before (<) 9.1.3.40197
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:on-premises:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » SP Edition
  Versions from including (>=) 9.0.0 and before (<) 9.0.7.40108
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:sp:*:*:*
- Arubanetworks » Aruba Edgeconnect Enterprise Orchestrator » On-premises Edition
  Versions from including (>=) 9.0.0 and before (<) 9.0.7.40108
  cpe:2.3:a:arubanetworks:aruba_edgeconnect_enterprise_orchestrator:*:*:*:*:on-premises:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-37913
- Probability of exploitation activity in the next 30 days: 0.33%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 53 %
CVSS scores for CVE-2022-37913
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-37913
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-37913
- https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt
  Mitigation; Vendor Advisory