EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator
host.
References
Link | Resource |
---|---|
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hpe
Published: 2023-08-22T18:02:22.824Z
Updated: 2023-08-22T18:02:22.824Z
Reserved: 2023-07-05T17:36:47.997Z
Link: CVE-2023-37426
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-22T19:16:37.210
Modified: 2023-08-30T14:21:34.413
Link: CVE-2023-37426
JSON object: View
Redhat Information
No data.
CWE