- 103/2024
- High
VMware has released security updates to address several vulnerabilities in VMware SD-WAN Orchestrator and VMware SD-WAN Edge.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct phishing attacks, obtain sensitive information, or execute arbitrary code on the affected products by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. VMware SD-WAN Edge Command Execution Vulnerability (CVE-2024-22246):
- CVSS: 7.4
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. VMware SD-WAN Orchestrator Open Redirect Vulnerability (CVE-2024- 22248):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Vulnerabilities
- CVE-2024-22246
- CVE-2024-22247
- CVE-2024-22248
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.