Description
Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Hewlett Packard Enterprise (HPE) / Aruba EdgeConnect Enterprise SoftwareECOS 9.2.x.x – 9.2.3.0
- Hewlett Packard Enterprise (HPE) / Aruba EdgeConnect Enterprise SoftwareECOS 9.1.x.x – 9.1.5.0
- Hewlett Packard Enterprise (HPE) / Aruba EdgeConnect Enterprise SoftwareECOS 9.0.x.x – 9.0.8.0
- Hewlett Packard Enterprise (HPE) / Aruba EdgeConnect Enterprise SoftwareECOS 8.x.x.x – all