HPE Aruba Networking EdgeConnect OS Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in HPE Aruba Networking EdgeConnect OS (ECOS) running on SD-WAN Gateways. This vulnerability allows attackers to bypass firewall protections, potentially misrouting unauthorized traffic and disrupting services. Affected versions include EdgeConnect SD-WAN Release Streams 9.5.3.x and below, 9.4.3.x and below, as well as all versions of 9.2.x.x and older, which are out of maintenance.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal network resources by allowing traffic to bypass firewall controls.

Remediation

Users are advised to upgrade to HPE Aruba Networking EdgeConnect SD-WAN versions 9.5.4.1 or 9.4.4.2. For Orchestrator software, the version must be equal to or greater than the ECOS version running on the gateways.
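The version ranges and the Orchestrator requirement above can be checked across a gateway inventory with a short script; this is an added example, not vendor code. Hostnames and versions in the sample inventory are constructed, releases the advisory text does not mention (for example 9.3.x or 9.5.4.0) are reported as unlisted rather than guessed, and treating later releases in a fixed stream as fixed is an assumption.

```python
# Added example: triage gateway ECOS versions against this advisory.

FIXED = {(9, 5): (9, 5, 4, 1), (9, 4): (9, 4, 4, 2)}   # fixed releases named above
AFFECTED_MAX = {(9, 5): (9, 5, 3), (9, 4): (9, 4, 3)}  # "9.5.3.x / 9.4.3.x and below"

def parse(version):
    """'9.4.3' -> (9, 4, 3, 0); raises ValueError on non-numeric parts."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(ecos):
    """Return (status, target): target is the fixed release to move to, or None."""
    v = parse(ecos)
    stream = v[:2]
    if stream <= (9, 2):
        # 9.2.x.x and older: out of maintenance, no in-stream fix is named.
        return "affected-unmaintained", None
    if stream in FIXED:
        if v[:3] <= AFFECTED_MAX[stream]:
            return "affected", FIXED[stream]
        if v >= FIXED[stream]:
            # Assumption: later releases in the same stream keep the fix.
            return "fixed", None
    # Not covered by the advisory text (e.g. 9.3.x, 9.5.4.0): verify with vendor.
    return "unlisted", None

def triage(inventory, orchestrator):
    """Classify gateways; check Orchestrator >= the ECOS version each will run."""
    orch = parse(orchestrator)
    report = {}
    for host, ecos in inventory.items():
        status, target = classify(ecos)
        runs_after = target or parse(ecos)  # version after remediation
        report[host] = {
            "status": status,
            "upgrade_to": ".".join(map(str, target)) if target else None,
            "orchestrator_ok": orch >= runs_after,
        }
    return report

SAMPLE_INVENTORY = {  # constructed sample data
    "gw-branch-01": "9.5.3.2",
    "gw-branch-02": "9.4.4.2",
    "gw-dc-01": "9.2.7.0",
    "gw-lab-01": "9.5.4.0",
}
```

A row with `orchestrator_ok` set to `False` means the Orchestrator is older than the ECOS release that gateway would run after remediation.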

Added: Sep 16, 2025, 11:22 PM
Updated: Sep 16, 2025, 11:22 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 5.0
exploitability: 7.0
remediation: 8.3
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.