CVE-2024-22247

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the default boot priority configured.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 4.2

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2024-0008.html
https://www.vmware.com/security/advisories/VMSA-2024-0008.html

Configurations

No configuration.

History

21 Nov 2024, 08:55

Type	Values Removed	Values Added
References	~~() https://www.vmware.com/security/advisories/VMSA-2024-0008.html -~~	() https://www.vmware.com/security/advisories/VMSA-2024-0008.html -

03 Jul 2024, 01:47

Type	Values Removed	Values Added
CWE		CWE-287
Summary		(es) VMware SD-WAN Edge contiene una vulnerabilidad de mecanismo de autenticación y protección faltante. Un actor malintencionado con acceso físico al dispositivo SD-WAN Edge durante la activación puede explotar esta vulnerabilidad para acceder a la configuración del BIOS. Además, el actor malintencionado puede aprovechar la prioridad de arranque predeterminada configurada.

02 Apr 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-02 16:15

Updated : 2024-11-21 08:55

NVD link : CVE-2024-22247

Mitre link : CVE-2024-22247

CVE.ORG link : CVE-2024-22247

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

4.8 /10