EdgeConnect OS
by HPE
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-37125 | Hig | 0.49 | 7.5 | 0.00 | Sep 16, 2025 | A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly | ||
| CVE-2020-12142 | 0.00 | — | 0.01 | May 5, 2020 | 1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability… | |||
| CVE-2020-12144 | 0.00 | — | 0.00 | May 5, 2020 | The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. | |||
| CVE-2020-12143 | 0.00 | — | 0.00 | May 5, 2020 | The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | |||
| CVE-2019-16101 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI. |
- risk 0.49cvss 7.5epss 0.00
A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly
- CVE-2020-12142May 5, 2020risk 0.00cvss —epss 0.01
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability…
- CVE-2020-12144May 5, 2020risk 0.00cvss —epss 0.00
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.
- CVE-2020-12143May 5, 2020risk 0.00cvss —epss 0.00
The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
- CVE-2019-16101Sep 8, 2019risk 0.00cvss —epss 0.01
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI.