HPE Aruba Networking EdgeConnect SD-WAN Gateways
Easy fix3 remedies
cpe:2.3:h:silver-peak:unity_edgeconnect_sd-wan:*:*:*:*:*:*:*, +1 more
Easy fix3 remedies
- >= 9.5.0.0, <= 9.5.3.0
- >= 9.4.0.0, <= 9.4.3.0
- ~9.3
- ~9.2
HPE Aruba Networking EdgeConnect SD-WAN Gateways Authenticated Remote Code Execution Vulnerability
Vulnerability
Patched
A vulnerability exists in the cryptographic logic of HPE Aruba Networking EdgeConnect SD-WAN Gateways, allowing authenticated remote attackers to gain shell access. Exploitation of this vulnerability could enable the execution of arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the affected systems. This vulnerability affects HPE Aruba Networking EdgeConnect SD-WAN Release Streams 9.5.3.x and below, 9.4.3.x and below, as well as all versions of EdgeConnect SD-WAN 9.2.x.x and older, which are out of maintenance.
Impact
Successful exploitation allows authenticated remote attackers to execute arbitrary commands on the underlying operating system with root privileges, potentially leading to unauthorized access and control over the affected systems.
Remediation
Users are advised to upgrade to HPE Aruba Networking EdgeConnect SD-WAN 9.5.4.1 or 9.4.4.2. The Orchestrator software version must be equal to or greater than the ECOS version running on any HPE Aruba Networking EdgeConnect SD-WAN Gateways.
Added: Sep 16, 2025, 11:21 PM
Updated: Sep 16, 2025, 11:21 PM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
10.0exploitability
4.9remediation
7.9relevance
0.5threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.