Aruba has addressed multiple critical severity vulnerabilities in the EdgeConnect Enterprise Orchestrator that remote attackers can exploit to compromise a vulnerable host.
According to the company, the flaws allow a remote attacker to bypass authentication on the Orchestrator's web-based management interface and gain access to the appliance.
Affected products:
- EdgeConnect Enterprise Orchestrator (on-premises)
- EdgeConnect Enterprise Orchestrator-as-a-Service
- EdgeConnect Enterprise Orchestrator-SP
- EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators
Affected versions:
- Orchestrator 9.1.2.40051 and below
- Orchestrator 9.0.7.40108 and below
- Orchestrator 8.10.23.40009 and below
Aruba has addressed the following vulnerabilities:
CVE-2022-37913 and CVE-2022-37914 (CVSS v3.1 – 9.8): authentication bypass vulnerabilities in the web-based management interface of EdgeConnect Orchestrator. A remote attacker can exploit them to bypass authentication and gain access to the management interface.
Mitigation
Aruba advises that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above, to reduce the likelihood of an attacker reaching and exploiting these vulnerabilities.
At the time of the advisory, Aruba was not aware of any public discussion or proof-of-concept exploit code targeting these vulnerabilities, and had not identified any active exploitation.
The company addressed the issues with the release of the following versions:
- Aruba EdgeConnect Enterprise Orchestrator 9.2.0.40405 and above
- Aruba EdgeConnect Enterprise Orchestrator 9.1.3.40197 and above
- Aruba EdgeConnect Enterprise Orchestrator 9.0.7.40110 and above
- Aruba EdgeConnect Enterprise Orchestrator 8.10.23.40015 and above
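Because the fix landed on four separate release branches, "is my build affected?" is a branch-aware comparison rather than a single version check: 9.0.7.40110 is fixed even though it sorts numerically below the still-vulnerable 9.1.2.40051. The following triage helper is an added example written for this article, not Aruba tooling. The version thresholds are the ones listed above; the hostnames in the sample inventory are constructed, and the handling of release branches the advisory does not list (treated as "unknown" rather than guessed) is an assumption.

```python
"""Triage helper for the Aruba EdgeConnect Orchestrator authentication bypass
advisory (CVE-2022-37913, CVE-2022-37914).  Added example, not Aruba tooling.

Given an Orchestrator version string as displayed in the UI ("9.1.2.40051"),
decide whether the build predates the fix on its release branch and, if so,
which build on that branch to upgrade to.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# First fixed build on each maintained release branch, taken from the advisory.
# Keyed by (major, minor) so a build is compared only against its own branch.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (8, 10): (8, 10, 23, 40015),
    (9, 0): (9, 0, 7, 40110),
    (9, 1): (9, 1, 3, 40197),
    (9, 2): (9, 2, 0, 40405),
}
OLDEST_FIXED_BRANCH = min(FIXED_BY_BRANCH)  # (8, 10)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch.build' into a tuple of ints.

    Tuples compare element-wise, so 9.1.3.40197 > 9.1.2.40051 as intended;
    a plain string comparison would wrongly order '9.10.x' before '9.2.x'.
    """
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Orchestrator version: {text!r}")
    return tuple(int(p) for p in parts)


def fmt(version: Version) -> str:
    return ".".join(str(p) for p in version)


def assess(text: str) -> Tuple[str, Optional[str]]:
    """Return (status, fix) for one Orchestrator build.

    status is 'vulnerable', 'patched' or 'unknown'; fix is the first fixed
    build on the relevant branch when the advisory lists one, else None.
    """
    version = parse_version(text)
    branch = version[:2]
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is not None:
        # Pad short strings such as '9.1.2' so they compare as the lowest
        # possible build at that patch level.
        padded = version + (0,) * (4 - len(version))
        return ("vulnerable" if padded < fixed else "patched", fmt(fixed))
    if branch < OLDEST_FIXED_BRANCH:
        # Anything older than 8.10.23.40009 is in scope ("... and below");
        # no fix exists for such branches, so move to the oldest fixed one.
        return ("vulnerable", fmt(FIXED_BY_BRANCH[OLDEST_FIXED_BRANCH]))
    # Assumption: a branch the advisory does not list (e.g. a future 9.3.x)
    # is reported as unknown rather than guessed either way.
    return ("unknown", None)


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str, str, Optional[str]]]:
    """Assess every Orchestrator in an inventory of {hostname: version}."""
    return [(host, ver, *assess(ver)) for host, ver in sorted(inventory.items())]


if __name__ == "__main__":
    # Constructed inventory for demonstration: hostnames are made up, version
    # strings follow the advisory's format.
    SAMPLE_INVENTORY = {
        "orch-dc1.example.net": "9.1.2.40051",     # last affected 9.1 build
        "orch-dc2.example.net": "9.1.3.40197",     # first fixed 9.1 build
        "orch-lab.example.net": "9.0.7.40108",     # last affected 9.0 build
        "orch-legacy.example.net": "8.9.5.1234",   # older than any listed branch
        "orch-new.example.net": "9.2.0.40405",     # first fixed 9.2 build
    }
    for host, ver, status, fix in triage(SAMPLE_INVENTORY):
        action = f"upgrade to {fix}" if status == "vulnerable" else "no action"
        print(f"{host:28} {ver:14} {status:10} {action}")
```

Feed it the version string from each Orchestrator's About page or API; the important property is that a build is only ever compared against the fixed build of its own branch, so a patched 9.0.x deployment is not flagged merely because 9.1.x and 9.2.x builds exist.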