A high-severity vulnerability has been identified in HPE Aruba Networking EdgeConnect SD-WAN Gateways. This flaw allows an authenticated remote attacker to execute arbitrary commands on the device, potentially leading to a complete system compromise. Successful exploitation could result in network traffic interception, data theft, or widespread network disruption.

The vulnerability is a command injection flaw within the Command Line Interface (CLI) of the affected gateways. An attacker who has successfully authenticated to the device's CLI can submit specially crafted input. The system fails to properly sanitize this input, allowing the attacker to break out of the restricted CLI shell and execute commands directly on the underlying host operating system with elevated privileges.

This vulnerability is rated as High severity with a CVSS score of 7.2. A successful exploit would grant an attacker full control over a critical network infrastructure component. The potential consequences include interception and exfiltration of sensitive data passing through the network, modification of network traffic to redirect users to malicious sites, and the ability to cause a denial-of-service condition by disrupting network operations. Furthermore, a compromised gateway could be used as a pivot point to launch further attacks against the internal corporate network, significantly escalating the risk to the organization's data confidentiality, integrity, and availability.

Immediate Action: Organizations must apply the security updates provided by the vendor to all affected EdgeConnect SD-WAN Gateways immediately. Before and after patching, administrators should review CLI access logs for any unusual or suspicious command sequences that may indicate a past or ongoing exploitation attempt.

Proactive Monitoring: Implement enhanced logging and monitoring for all administrative access to the SD-WAN gateways. Specifically, look for unusual commands being executed via the CLI, unexpected shell invocations (e.g., /bin/sh, /bin/bash), and any outbound network connections originating from the gateway's management interface to unknown destinations. Alert on repeated failed login attempts or successful logins from atypical geographic locations.

Compensating Controls: If immediate patching is not feasible, apply strict access control lists (ACLs) to the device's management interface, ensuring that only authorized administrative workstations from a trusted network segment can connect. Enforce the use of multi-factor authentication (MFA) for all administrative accounts to raise the difficulty of an attacker gaining the initial authenticated access required to exploit this vulnerability.

Public Exploit Available: false

Given the high severity of this vulnerability and its impact on critical network infrastructure, we strongly recommend that organizations prioritize the deployment of vendor-supplied patches across all affected HPE Aruba Networking EdgeConnect SD-WAN Gateways. Although this CVE is not currently listed on the CISA KEV catalog, its potential for complete network takeover warrants immediate action. If patching is delayed, the compensating controls outlined above, particularly restricting management access and enforcing MFA, must be implemented as an urgent interim measure to reduce the attack surface.