vulnerability

Aruba ECOS: CVE-2023-37440: Authenticated Server-Side Request Forgery (SSRF) Leading to Information Disclosure

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:M/C:P/I:P/A:N)	Aug 22, 2023	Mar 17, 2025	Jul 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:M/C:P/I:P/A:N)

Published

Aug 22, 2023

Added

Mar 17, 2025

Modified

Jul 2, 2025

Description

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.

Solution

aruba-ecos-cve-2023-37440

References

CVE-2023-37440
https://attackerkb.com/topics/CVE-2023-37440
URL-https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-012.json
CWE-918

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today