Lucene search

VmwareCVELIST:CVE-2024-22247

HistoryApr 02, 2024 - 3:49 p.m.

CVE-2024-22247

2024-04-0215:49:41

vmware

www.cve.org

vmware

sd-wan edge

missing authentication

vulnerability

bios configuration

default boot priority

CVSS3

4.8

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability.

A malicious actor with physical access to the SD-WAN Edge appliance
during activation can potentially exploit this vulnerability to access
the BIOS configuration. In addition, the malicious actor may be able to
exploit the default boot priority configured.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "VMware SD-WAN Edge",
    "vendor": "N/A",
    "versions": [
      {
        "status": "affected",
        "version": "VMware SD-WAN Edge 4.5.x, VMware SD-WAN Edge 5.x"
      }
    ]
  }
]

References

www.vmware.com/security/advisories/VMSA-2024-0008.html

CVSS3

4.8

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-22247