EdgeConnect SD-WAN gateway
by HPE
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-37127 | Hig | 0.47 | 7.2 | 0.00 | Sep 16, 2025 | A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating… | ||
| CVE-2024-41135 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-41134 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-41133 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute… | ||
| CVE-2024-33519 | Hig | 0.47 | 7.2 | 0.01 | Jul 24, 2024 | A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to… | ||
| CVE-2025-37129 | Med | 0.44 | 6.7 | 0.00 | Sep 16, 2025 | A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if… | ||
| CVE-2025-37130 | Med | 0.42 | 6.5 | 0.00 | Sep 16, 2025 | A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system. | ||
| CVE-2025-37131 | Med | 0.32 | 4.9 | 0.00 | Sep 16, 2025 | A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information. | ||
| CVE-2019-16099 | 0.00 | — | 0.00 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. | |||
| CVE-2019-16100 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source. | |||
| CVE-2019-16102 | 0.00 | — | 0.00 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity. | |||
| CVE-2019-16103 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. | |||
| CVE-2019-16104 | 0.00 | — | 0.00 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. | |||
| CVE-2019-16105 | 0.00 | — | 0.01 | Sep 8, 2019 | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. |
- risk 0.47cvss 7.2epss 0.00
A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating…
- risk 0.47cvss 7.2epss 0.01
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…
- risk 0.47cvss 7.2epss 0.01
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…
- risk 0.47cvss 7.2epss 0.01
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute…
- risk 0.47cvss 7.2epss 0.01
A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to…
- risk 0.44cvss 6.7epss 0.00
A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.
- risk 0.32cvss 4.9epss 0.00
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.
- CVE-2019-16099Sep 8, 2019risk 0.00cvss —epss 0.00
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.
- CVE-2019-16100Sep 8, 2019risk 0.00cvss —epss 0.01
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.
- CVE-2019-16102Sep 8, 2019risk 0.00cvss —epss 0.00
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.
- CVE-2019-16103Sep 8, 2019risk 0.00cvss —epss 0.01
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.
- CVE-2019-16104Sep 8, 2019risk 0.00cvss —epss 0.00
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.
- CVE-2019-16105Sep 8, 2019risk 0.00cvss —epss 0.01
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI.