History: Apr 02, 2024 - 3:48 p.m.

CVE-2024-22246

2024-04-02 15:48:23
vmware
www.cve.org
vmware
sd-wan
command injection
remote code execution
edge router ui
activation
router control

CVSS3: 7.4

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 9.0%

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.

A malicious actor with local access to the Edge Router UI during
activation may be able to perform a command injection attack that could
lead to full control of the router.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware SD-WAN Edge",
    "vendor": "N/A",
    "versions": [
      {
        "status": "affected",
        "version": "VMware SD-WAN Edge 4.5.x, VMware SD-WAN Edge 5.x"
      }
    ]
  }
]
