High severity7.4NVD Advisory· Published Aug 22, 2023· Updated Jun 17, 2026
CVE-2023-37426
CVE-2023-37426
Description
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host.
Affected products
2- Hewlett Packard Enterprise (HPE)/EdgeConnect SD-WAN Orchestratorv5Range: Orchestrator 9.3.x
Patches
Vulnerability mechanics
References
1- www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txtnvdVendor Advisory
News mentions
0No linked articles in our index yet.