A high-severity vulnerability has been identified in HPE Aruba Networking EdgeConnect SD-WAN Gateways. This flaw in the device's cryptographic functions could allow an authenticated attacker to bypass security measures and gain complete control (shell access) of the affected system, potentially disrupting network traffic and accessing sensitive data.

The vulnerability exists within the cryptographic implementation of HPE Aruba Networking EdgeConnect SD-WAN Gateways. An authenticated attacker with remote access can exploit this flaw by sending specially crafted requests that leverage weaknesses in the cryptographic logic. Successful exploitation bypasses standard authentication and authorization checks, allowing the attacker to escalate their privileges and gain full administrative shell access to the underlying operating system of the gateway. The attack requires prior authentication, meaning the threat actor must already possess valid, potentially low-privileged, credentials for the target device.

This vulnerability is rated as High severity with a CVSS score of 7.2. A successful exploit would grant an attacker complete control over a critical network infrastructure component, the SD-WAN gateway. This could lead to severe business consequences, including network-wide service disruptions, interception and exfiltration of sensitive data transiting the network, and the ability for the attacker to move laterally into other protected corporate network segments. The compromise of an edge device poses a significant risk to the confidentiality, integrity, and availability of the entire enterprise network.

Immediate Action: Organizations must prioritize the immediate application of security patches released by HPE Aruba Networking for all affected EdgeConnect SD-WAN Gateway devices. Refer to the vendor's security advisory for the specific patches corresponding to your deployed versions. Until patching is complete, access to the device's management interface should be restricted to only trusted administrative personnel and networks.

Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes scrutinizing authentication logs on EdgeConnect gateways for unusual or successful logins from unexpected IP addresses or accounts. Monitor for any anomalous outbound network connections from the gateways themselves and review system logs for any unauthorized command execution or configuration changes that could indicate shell access has been achieved.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the attack surface. Strictly limit access to the device's management interface to a dedicated, secure management network. Enforce multi-factor authentication (MFA) for all administrative accounts to make the initial authentication prerequisite more difficult for an attacker to achieve. Enhance logging and forward device logs to a central SIEM for continuous monitoring and alerting on suspicious activity.

Public Exploit Available: false

Due to the high severity (CVSS 7.2) of this vulnerability and the critical role of SD-WAN gateways in the network, we strongly recommend that organizations treat this as a high-priority issue. The potential for a complete system compromise necessitates immediate action. Administrators should apply the vendor-provided security updates across all affected HPE Aruba Networking EdgeConnect devices without delay. While this CVE is not yet on the CISA KEV list, the significant impact of a successful exploit warrants immediate remediation to prevent potential network disruption and data compromise.