Aruba Networking EdgeConnect SD-WAN Gateways
by HPE
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-37123 | Hig | 0.57 | 8.8 | 0.00 | Sep 16, 2025 | A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with… | ||
| CVE-2025-37124 | Hig | 0.56 | 8.6 | 0.00 | Sep 16, 2025 | A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized… | ||
| CVE-2025-37127 | Hig | 0.47 | 7.2 | 0.00 | Sep 16, 2025 | A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating… | ||
| CVE-2025-37126 | Hig | 0.47 | 7.2 | 0.00 | Sep 16, 2025 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-41135 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-41134 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-41133 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-33519 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to… | ||
| CVE-2025-37129 | Med | 0.44 | 6.7 | 0.00 | Sep 16, 2025 | A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if… | ||
| CVE-2025-37128 | Med | 0.44 | 6.8 | 0.00 | Sep 16, 2025 | A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an… | ||
| CVE-2025-37130 | Med | 0.42 | 6.5 | 0.00 | Sep 16, 2025 | A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system. | ||
| CVE-2025-37131 | Med | 0.32 | 4.9 | 0.00 | Sep 16, 2025 | A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information. | ||
| CVE-2024-41136 | 0.00 | — | 0.00 | Jul 24, 2024 | An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying… | |||
| CVE-2019-16099 | 0.00 | — | 0.00 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. | |||
| CVE-2019-16100 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. | |||
| CVE-2019-16102 | 0.00 | — | 0.00 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. | |||
| CVE-2019-16103 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. | |||
| CVE-2019-16104 | 0.00 | — | 0.00 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. | |||
| CVE-2019-16105 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. |
- risk 0.57cvss 8.8epss 0.00
A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with…
- risk 0.56cvss 8.6epss 0.00
A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized…
- risk 0.47cvss 7.2epss 0.00
A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating…
- risk 0.47cvss 7.2epss 0.00
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…
- risk 0.47cvss 7.2epss 0.01
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…
- risk 0.47cvss 7.2epss 0.01
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…
- risk 0.47cvss 7.2epss 0.01
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…
- risk 0.47cvss 7.2epss 0.01
A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to…
- risk 0.44cvss 6.7epss 0.00
A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if…
- risk 0.44cvss 6.8epss 0.00
A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.
- risk 0.32cvss 4.9epss 0.00
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.
- CVE-2024-41136Jul 24, 2024risk 0.00cvss —epss 0.00
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying…
- CVE-2019-16099Sep 8, 2019risk 0.00cvss —epss 0.00
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.
- CVE-2019-16100Sep 8, 2019risk 0.00cvss —epss 0.01
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.
- CVE-2019-16102Sep 8, 2019risk 0.00cvss —epss 0.00
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.
- CVE-2019-16103Sep 8, 2019risk 0.00cvss —epss 0.01
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.
- CVE-2019-16104Sep 8, 2019risk 0.00cvss —epss 0.00
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.
- CVE-2019-16105Sep 8, 2019risk 0.00cvss —epss 0.01
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI.