HPE Aruba Networking EdgeConnect SD-WAN Gateways
Easy fix3 remedies
cpe:2.3:h:silver-peak:unity_edgeconnect_sd-wan:*:*:*:*:*:*:*, +1 more
Easy fix3 remedies
- >= 9.5.0.0, <= 9.5.3.0
- >= 9.4.0.0, <= 9.4.3.0
- ~9.3
- ~9.2
HPE Aruba Networking EdgeConnect SD-WAN Gateways Privilege Escalation Vulnerability
Vulnerability
Patched
A vulnerability exists in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways. It allows authenticated remote attackers to escalate privileges, potentially enabling them to execute arbitrary system commands with root privileges on the underlying operating system. This issue affects HPE Aruba Networking EdgeConnect SD-WAN Release Streams 9.5.3.x and below, 9.4.3.x and below, as well as all versions of EdgeConnect OS 9.2.x.x and older, which are out of maintenance.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing attackers to execute arbitrary commands as root on the affected system.
Remediation
Users are advised to upgrade to HPE Aruba Networking EdgeConnect SD-WAN versions 9.5.4.1 or above, or 9.4.4.2 or above. For those using the EdgeConnect SD-WAN Orchestrator, ensure the software version is equal to or greater than the ECOS version running on the gateways.
Added: Sep 16, 2025, 11:24 PM
Updated: Sep 16, 2025, 11:24 PM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
10.0exploitability
4.9remediation
7.9relevance
0.5threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.