Warning: Critical Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator
Aruba is warning its customers about high-severity vulnerabilities in its product Aruba EdgeConnect Enterprise Orchestrator.
Successful exploitation of CVE-2022-37913 and CVE-2022-37914 can lead to authentication bypass and allow attackers to perform operations on the administrative interface.
Successful exploitation of CVE-2022-37915 can lead to unauthenticated remote code execution and allow attackers to compromise the host system.
The attack does not require any user interaction and can be executed remotely. The impact to confidentiality, integrity and availability is high.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
Aruba has released patches for Aruba EdgeConnect Enterprise Orchestrator that address multiple security vulnerabilities.
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host.
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyze system and network logs for any suspicious activity. This report contains instructions to help your organization.
- Aruba EdgeConnect Enterprise Orchestrator (on-premises)
  - Orchestrator 184.108.40.206405 and above
  - Orchestrator 220.127.116.11197 and above
  - Orchestrator 18.104.22.168110 and above
  - Orchestrator 22.214.171.124015 and above
- Aruba EdgeConnect Enterprise Orchestrator-as-a-Service
  - TAC will automatically create a support case for Aruba (Silver Peak) hosted Orchestrators to be upgraded.
- Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global
  - Enterprise Tenant Orchestrators
  - Service providers must upgrade all tenants to a patched version listed above
Aruba recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.
The CCB recommends that organizations scale up their monitoring and detection capabilities and look for any related suspicious activity, ensuring a fast response in case of an intrusion.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
When applying patches to systems that have been vulnerable to an authentication bypass, a proactive threat assessment should be performed to verify the device was not accessed from an unknown IP or location.
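As an added illustration of the two recommendations above (restricting the management interface to a dedicated segment, and checking whether the device was reached from an unknown IP), the following Python script flags successful management-interface requests whose source address lies outside the allowed management segment. This is example code, not part of the CCB advisory or of Aruba's tooling; the log line format, the request paths, the management CIDR and the sample log lines are all constructed assumptions, not Orchestrator's real log format.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the management VLAN the advisory says the web UI/CLI should be
# restricted to. Replace with the segment actually used in your network.
MANAGEMENT_NETS = [ipaddress.ip_network("10.10.50.0/24")]

# Constructed sample log lines (timestamp, source IP, user, method, path, status).
# The format and the /mgmt/... paths are hypothetical, chosen for this example.
SAMPLE_LOG = """\
2022-10-12T08:01:13Z 10.10.50.21 admin GET /mgmt/session 200
2022-10-12T08:02:40Z 10.10.50.21 admin POST /mgmt/config 200
2022-10-12T23:14:02Z 198.51.100.77 admin GET /mgmt/session 200
2022-10-12T23:14:05Z 198.51.100.77 admin POST /mgmt/config 200
2022-10-13T01:30:00Z 203.0.113.9 - GET /mgmt/login 401
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<user>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one assumed-format access log line; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["src"] = ipaddress.ip_address(rec["src"])
    return rec


def is_management_source(ip):
    """True if the source address belongs to an allowed management segment."""
    return any(ip in net for net in MANAGEMENT_NETS)


def find_unexpected_admin_access(log_text):
    """Return successful (2xx) requests that came from outside the management segment.
    Failed attempts are not reported here; they are a separate signal."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and 200 <= rec["status"] < 300 and not is_management_source(rec["src"]):
            findings.append(rec)
    return findings


def summarize_sources(findings):
    """Count flagged requests per source address for a quick triage view."""
    return Counter(str(f["src"]) for f in findings)
```

On the constructed sample the two successful requests from 198.51.100.77 are flagged, while the failed login from 203.0.113.9 is not; any flagged source should be checked against change records and known administrator locations before concluding the access was legitimate.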