CVE-2022-44532

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:28

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 4.9
References () https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt - Vendor Advisory () https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-018.txt - Vendor Advisory

07 Nov 2023, 03:54

Type Values Removed Values Added
Summary An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.

Information

Published : 2022-12-12 13:15

Updated : 2024-11-21 07:28


NVD link : CVE-2022-44532

Mitre link : CVE-2022-44532

CVE.ORG link : CVE-2022-44532


JSON object : View

Products Affected

arubanetworks

  • edgeconnect_enterprise
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')