VMwareVMSA-2024-0008VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities.
3a. Unauthenticated Command Injection vulnerability in SD-WAN Edge (CVE-2024-22246)
VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.4.
3b. Missing Authentication and Protection Mechanism vulnerability in SD-WAN Edge (CVE-2024-22247)
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.8.
3c. Open redirect vulnerability in SD-WAN Orchestrator (CVE-2024-22248)
VMware SD-WAN Orchestrator contains an open redirect vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22246
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22248
docs.vmware.com/en/VMware-SASE/5.0.0/rn/VMware-SASE-5000-Release-Notes.html
docs.vmware.com/en/VMware-SASE/5.1.0/rn/vmware-sase-510-release-notes/index.html
docs.vmware.com/en/VMware-SASE/5.2.0/rn/vmware-sase-520-release-notes/index.html
docs.vmware.com/en/VMware-SASE/5.3.0/rn/vmware-sase-530-release-notes/index.html
docs.vmware.com/en/VMware-SASE/5.4.0/rn/vmware-sase-540-release-notes/index.html
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Related
