VMware has identified several critical vulnerabilities affecting VMware SD-WAN Edge and SD-WAN Orchestrator products. These vulnerabilities, including unauthenticated command injection (CVE-2024-22246), missing authentication and protection mechanisms (CVE-2024-22247), and an open redirect vulnerability (CVE-2024-22248), present significant security risks to affected systems.
Exploitation of these vulnerabilities could result in remote code execution, unauthorized access to BIOS configuration, and sensitive information disclosure. The severity of these vulnerabilities varies, with CVSSv3 base scores ranging from 4.8 to 7.4, highlighting the critical nature of the threats posed.
VMware has released patches and provided instructions for remediation, urging affected users to apply these updates immediately to mitigate the risks associated with the identified vulnerabilities.
VMware acknowledges the contributions of security researchers Saif Aziz and Abdelrahman Adel of CyShield for responsibly disclosing these vulnerabilities, enabling prompt remediation efforts.