Search

Find a vulnerability

Search criteria

    1 vulnerability found for EdgeConnect SD-WAN Gateways by HPE Aruba Networking

    CERTFR-2025-AVI-0795

    Vulnerability from certfr_avis - Published: 2025-09-17 - Updated: 2025-09-17

    De multiples vulnérabilités ont été découvertes dans HPE Aruba Networking EdgeConnect SD-WAN Gateways. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    HPE Aruba Networking EdgeConnect SD-WAN Gateways HPE Aruba Networking EdgeConnect SD-WAN Gateway versions ECOS 9.5.x antérieures à ECOS 9.5.4.1
    HPE Aruba Networking EdgeConnect SD-WAN Gateways HPE Aruba Networking EdgeConnect SD-WAN Gateway versions ECOS 9.4.x antérieures à ECOS 9.4.4.2
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "HPE Aruba Networking EdgeConnect SD-WAN Gateway versions ECOS 9.5.x ant\u00e9rieures \u00e0 ECOS 9.5.4.1",
          "product": {
            "name": "EdgeConnect SD-WAN Gateways",
            "vendor": {
              "name": "HPE Aruba Networking",
              "scada": false
            }
          }
        },
        {
          "description": "HPE Aruba Networking EdgeConnect SD-WAN Gateway versions ECOS 9.4.x ant\u00e9rieures \u00e0 ECOS 9.4.4.2",
          "product": {
            "name": "EdgeConnect SD-WAN Gateways",
            "vendor": {
              "name": "HPE Aruba Networking",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-37125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37125"
        },
        {
          "name": "CVE-2025-37123",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37123"
        },
        {
          "name": "CVE-2025-37129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37129"
        },
        {
          "name": "CVE-2025-37127",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37127"
        },
        {
          "name": "CVE-2025-37130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37130"
        },
        {
          "name": "CVE-2025-37124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37124"
        },
        {
          "name": "CVE-2025-37126",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37126"
        },
        {
          "name": "CVE-2025-37131",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37131"
        },
        {
          "name": "CVE-2025-37128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37128"
        }
      ],
      "initial_release_date": "2025-09-17T00:00:00",
      "last_revision_date": "2025-09-17T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0795",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-09-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HPE Aruba Networking EdgeConnect SD-WAN Gateways. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans HPE Aruba Networking EdgeConnect SD-WAN Gateways",
      "vendor_advisories": [
        {
          "published_at": "2025-09-16",
          "title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking HPESBNW04943",
          "url": "https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04943.txt"
        }
      ]
    }