CVE-2024-22246

Summary

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.

A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router.

Affected Software

VendorProductVersion RangeStatus
N/AVMware SD-WAN EdgeVMware SD-WAN Edge 4.5.x, VMware SD-WAN Edge 5.xaffected

Weaknesses

  • Unauthenticated Command Injection vulnerability in SD-WAN Edge

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References