EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an malicious user to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
arubanetworks edgeconnect sd-wan orchestrator 9.3.0 |
||
arubanetworks edgeconnect sd-wan orchestrator |