{"cve":{"cve_id":"CVE-2023-37426","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00389,"epss_percentile":0.30606,"epss_as_of":"2026-06-23","description":"EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator\nhost.","published_at":"2023-08-22T18:02:22.824000Z","last_modified_at":null,"cvss_v3_score":7.4,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":true,"ssvc_technical_impact":"partial","cwes":null,"nvd_references":["https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:33:59.170901Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"edgeconnect-sd-wan-orchestrator","product_name":"EdgeConnect SD-WAN Orchestrator","version_start":"Orchestrator 9.3.x","version_start_inclusive":true,"version_end":"<=9.3.0","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:edgeconnect-sd-wan-orchestrator:Orchestrator 9.3.x:<=9.3.0"},{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"edgeconnect-sd-wan-orchestrator","product_name":"EdgeConnect SD-WAN Orchestrator","version_start":"Orchestrator 9.2.x","version_start_inclusive":true,"version_end":"<=9.2.5","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:edgeconnect-sd-wan-orchestrator:Orchestrator 9.2.x:<=9.2.5"},{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"edgeconnect-sd-wan-orchestrator","product_name":"EdgeConnect SD-WAN Orchestrator","version_start":"Orchestrator 9.1.x","version_start_inclusive":true,"version_end":"<=9.1.7","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:edgeconnect-sd-wan-orchestrator:Orchestrator 9.1.x:<=9.1.7"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2023-08-22T18:02:22.824000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:29:09.228203Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:29:09.228203Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:29:09.228203Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:33:59.170901Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:33:59.170901Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:33:59.170901Z","label":"SSVC decision revised","source":"vulnrichment"}]}