Arubanetworks Edgeconnect_sd-wan_orchestrator
29 CVEs affecting Arubanetworks Edgeconnect_sd-wan_orchestrator. Latest disclosed: 2026-01-14. Critical: 1, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-37184 | Critical | 9.8 | 2026-01-14 | A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Succe… |
CVE-2024-41914 | High | 8.1 | 2024-07-24 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross… |
CVE-2023-37424 | High | 8.1 | 2023-08-22 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary comman… |
CVE-2023-37423 | High | 8.1 | 2023-08-22 | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross… |
CVE-2023-37422 | High | 8.1 | 2023-08-22 | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross… |
CVE-2023-37421 | High | 8.1 | 2023-08-22 | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross… |
CVE-2023-37425 | High | 8.0 | 2023-08-22 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cro… |
CVE-2023-37426 | High | 7.4 | 2023-08-22 | EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations… |
CVE-2025-37183 | High | 7.2 | 2026-01-14 | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection… |
CVE-2025-37182 | High | 7.2 | 2026-01-14 | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection… |
CVE-2025-37181 | High | 7.2 | 2026-01-14 | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection… |
CVE-2024-22443 | High | 7.2 | 2024-07-24 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side… |
CVE-2023-37428 | High | 7.2 | 2023-08-22 | A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underl… |
CVE-2023-37427 | High | 7.2 | 2023-08-22 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands… |
CVE-2024-41136 | Medium | 6.8 | 2024-07-24 | An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation… |
CVE-2023-37438 | Medium | 6.5 | 2023-08-22 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL i… |
CVE-2023-37437 | Medium | 6.5 | 2023-08-22 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL i… |
CVE-2023-37436 | Medium | 6.5 | 2023-08-22 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL i… |
CVE-2023-37435 | Medium | 6.5 | 2023-08-22 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL i… |
CVE-2023-37434 | Medium | 6.5 | 2023-08-22 | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL i… |