Flaws imperiling the HPE Aruba Networking EdgeConnect Software-Defined Wide Area Networking (SD-WAN)

Flaws imperiling the HPE Aruba Networking EdgeConnect Software-Defined Wide Area Networking (SD-WAN)

In a recent announcement, HPE has released security patches for nine vulnerabilities found in their Aruba Networking EdgeConnect SD-WAN software. These patches are crucial for protecting against potential attacks, particularly those rated as 'high' severity.

The most significant vulnerabilities, CVE-2025-37126 and CVE-2025-37127, pose serious threats. CVE-2025-37126 allows attackers to execute system-level commands, while CVE-2025-37127 could potentially give attackers control over systems.

Another concerning vulnerability, CVE-2025-37124, enables attackers to bypass firewall protection without requiring authentication. This is a significant risk, as successful attacks on these patched vulnerabilities could allow attackers to execute malicious code and fully compromise systems.

CVE-2025-37123, a vulnerability in the Command-Line Interface, allows remote attackers to gain higher user privileges and execute their own code with root rights. However, this vulnerability requires authentication.

To mitigate these risks, HPE recommends installing HPE Aruba Networking EdgeConnect SD-WAN versions 9.5.4.1 or 9.4.4.2. Additionally, implementing firewall rules, using authentication methods like RADIUS or TACACS, and restricting access to the web interface and external sources are all recommended for added security. Access to the web interface should be restricted to selected accounts only.

It's important to note that while no known attacks are currently associated with these versions, the dynamic nature of cyber threats necessitates prompt installation of security patches. The search results do not provide specific names of organisations or individuals using HPE Aruba Networking EdgeConnect SD-WAN who might be affected by these security vulnerabilities. However, enterprise customers using the product could potentially be impacted, particularly those using Wide Area Networks with this SD-WAN solution.

In related news, Rimini Street and American Digital, partners providing services for HPE Aruba solutions, support customers including Regal Rexnord. However, there is no direct indication that they or their clients are impacted by these specific security issues.

In conclusion, it is essential for administrators to install the security patches for HPE Aruba Networking EdgeConnect SD-WAN promptly to protect their systems from potential attacks. Implementing additional security measures such as firewall rules, authentication methods, and access restrictions can further enhance security.

Read also:

• Artificial Intelligence with independent agency could potentially intervene in cybercrises.
• Autocrrypt and Cohda Wireless Collaborate for Secure Vehicle-to-Everything Communication
• UNESCO Recognizes Traditional Board Game from Togaykumalak as Intangible Cultural Heritage
• Germany's digital autonomy remains elusive for now