CNNVD-202601-2396 Information

Jan 14, 2026 cve

CNNVD ID

CNNVD-202601-2396

CVE-2025-37185

CNNVD Published: 2026-01-14

Description (Chinese)

HPE EdgeConnect SD-WAN Orchestrator是美国HPE公司的一个集中式 SD-WAN 管理平台。可对 WAN 提供完全的可观察性和控制。 HPE EdgeConnect SD-WAN Orchestrator存在安全漏洞，该漏洞源于Web管理界面存在存储型跨站脚本，可能导致对主机进行未经授权的任意配置更改。

Description (English)

HPE EdgeConnect SD-WAN Orchestrator is a centralized SD-WAN management platform for HPE in the United States. WAN can be fully observable and controlled. HPE EdgeConnect SD-WAN Orchestra has a security loophole, which stems from the existence of a storage cross-site script in the Web management interface, which may lead to unauthorized arbitrary configuration changes to the mainframe.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HPE

Published

2026-01-14

Last Modified

2026-02-24

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04992en_us&docLocale=en_US

Patch

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04992en_us&docLocale=en_US

Share on: