CVE-2024-22246
7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.
A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| N/A | VMware SD-WAN Edge | VMware SD-WAN Edge 4.5.x, VMware SD-WAN Edge 5.x | affected |
Weaknesses
- Unauthenticated Command Injection vulnerability in SD-WAN Edge
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.