Critical Vulnerability Information Vulnerability Overview CVE IDs: CVE-2023-27162, CVE-2023-27164, CVE-2023-27165, CVE-2023-27166, CVE-2023-27168, CVE-2023-27210 Affected Products: HPE Aruba Networking EdgeConnect SD-WAN Gateways Release Date: September 20, 2023 Update Date: September 20, 2023 Vulnerability Details 1. CVE-2023-27162 - Type: Authenticated Crosswalk bypass leads to Command Line Interface (CLI) interface privilege escalation - CVSS v3.1 Score: 9.0 (Critical) - Impact: Allows attackers to bypass permission checks and execute arbitrary commands. 2. CVE-2023-27164 - Type: Unauthenticated access control weakness allows Unauthorized Access to Internal Network Resources - CVSS v3.1 Score: 9.8 (Critical) - Impact: Enables unauthorized access to internal network resources. 3. CVE-2023-27165 - Type: Authenticated insecure code execution in CLI/Command Gateway Command Line Interface - CVSS v3.1 Score: 9.0 (Critical) - Impact: Allows authenticated users to execute insecure code. 4. CVE-2023-27166 - Type: Authenticated Replay attack contains Cryptographic Vulnerability - CVSS v3.1 Score: 9.0 (Critical) - Impact: Enables authenticated users to exploit cryptographic vulnerabilities via replay attacks. 5. CVE-2023-27168 - Type: Unrestricted access via File Insecure in underlying Operating System - CVSS v3.1 Score: 9.8 (Critical) - Impact: Allows unrestricted access to files in the underlying operating system. 6. CVE-2023-27210 - Type: Authenticated Arbitrary File Read leads Data Exposure in CLI Interface - CVSS v3.1 Score: 9.0 (Critical) - Impact: Allows authenticated users to read arbitrary files, leading to data exposure. Remediation Recommended Actions: Upgrade to the latest version of HPE Aruba Networking EdgeConnect SD-WAN Gateways software. Third-Party Security Detection Tools: Use Third Party Security Patching Tools for system scanning and remediation.