HPE Aruba Networking EdgeConnect SD-WAN Gateways Firewall Bypass Vulnerability

Vulnerability

A vulnerability exists in HPE Aruba Networking EdgeConnect SD-WAN Gateways, specifically in versions 9.5.3.x and below on the 9.5.x.x release stream, as well as 9.4.3.x and below on the 9.4.x.x release stream. It allows an unauthenticated remote attacker to bypass firewall protections, so that harmful traffic may be misrouted into the internal network. This could lead to unauthorized access or disruption of services.

Impact

Exploitation of this vulnerability could allow an attacker to route harmful traffic into the internal network, bypassing firewall protections and potentially leading to unauthorized access or service disruption.

Remediation

Users are advised to upgrade to HPE Aruba Networking EdgeConnect SD-WAN versions 9.5.4.1 or 9.4.4.2. For Orchestrator software, the version must be greater than or equal to the ECOS version running on the gateways.

Added: Sep 16, 2025, 11:23 PM
Updated: Sep 16, 2025, 11:23 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 3.8
exploitability: 7.0
remediation: 7.9
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.