Important security updates are available for Aruba’s SD-WAN management solution. In the worst case, attackers can execute malicious code.
According to a security advisory, the developers have mainly closed gaps in the web management interface. Attackers can launch persistent XSS attacks (CVE-2023-47421 “high”, CVE-2023-47422 “high”, CVE-2023-47423 “high”) in ways that are not described in detail. This is particularly dangerous because the malicious code remains on the server and is executed in a victim’s browser every time the affected page is accessed. For this, however, an attacker must already be authenticated.
Attackers can exploit another vulnerability (CVE-2023-37424 “high”) in the web interface without logging in and completely compromise systems using malicious code. A static SSH key (CVE-2023-37426 “high”) allows attackers to impersonate a legitimate host.
Several SQL vulnerabilities give authenticated attackers access to the database, which can lead to data leaks.
The security patches
The vulnerabilities affect EdgeConnect SD-WAN Orchestrators (self-hosted, on-premise, public cloud IaaS, Orchestrator-as-a-Service, Orchestrator-SP Tenant Orchestrators and Global Enterprise Tenant Orchestrators). The developers state that they have solved the security problems in versions 9.3.1 (scheduled for release at the end of August), 9.2.6 and 9.1.8.
Aruba states that it currently has no evidence of attacks. As a general security measure, management interfaces should, if possible, not be directly accessible via the Internet. If remote access is essential, admins should provide it over a secure SSH connection and assign strong passwords.