CVE-2023-37421

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 22, 2023

Updated: Aug 29, 2023

CWE ID 79

Summary

CVE-2023-37421 refers to a stored cross-site scripting (XSS) vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator. This issue enables authenticated remote attackers to inject malicious scripts into the interface, which are then executed in a victim's browser with the privileges of the affected interface. Successful exploitation of this vulnerability could lead to arbitrary code execution and potential unauthorized access to sensitive information within the interface. Administrative users of the interface are particularly at risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Aruba Networks

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r45Aa0
https://www.cve.org/CVERecord?id=CVE-2023-37421
https://nvd.nist.gov/vuln/detail/CVE-2023-37421

Back to Vulnerability Database

CVE-2023-37421

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations