CVE-2020-4001

Summary

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.

Affected Software

VendorProductVersion RangeStatus
n/aVMware SD-WAN OrchestratorVMware SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.xaffected

Weaknesses

  • Heap buffer-overflow vulnerability

ADP Enrichment

CVE Program Container

Additional References

References