VMSA-2024-0008: VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities.

24271

08 May 2024

08 May 2024

CLOSED

HIGH

7.4-4.8

None

CVE-2024-22246, CVE-2024-22247, CVE-2024-22248

Advisory ID:  VMSA-2024-0008
Advisory Severity: Important
CVSSv3 Range: 7.4 - 4.8
Synopsis: VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2024-22246, CVE-2024-22247, CVE-2024-22248)
Issue date: 2024-04-02
Updated on: 2024-04-02 (Initial Advisory)
CVE(s)

CVE-2024-22246, CVE-2024-22247, CVE-2024-22248

 

1. Impacted Products

VMware SD-WAN Edge

VMware SD-WAN Orchestrator

2. Introduction

Multiple vulnerabilities in VMware SD-WAN were privately reported to VMware. Patches and instructions are available to remediate the vulnerabilities in affected VMware products.

3a. Unauthenticated Command Injection vulnerability in SD-WAN Edge (CVE-2024-22246)

Description

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.4.

Known Attack Vectors

A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router.

Resolution

To remediate CVE-2024-22246, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Saif Aziz (@wr3nchsr) from CyShield for reporting this issue to us.

3b. Missing Authentication and Protection Mechanism vulnerability in SD-WAN Edge (CVE-2024-22247)

Description

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.8.

Known Attack Vectors

A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the configured default boot priority.

Resolution

To remediate CVE-2024-22247, apply the instructions listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.  

Notes

None.

Acknowledgements

VMware would like to thank Saif Aziz (@wr3nchsr) from CyShield for reporting this issue to us.

3c. Open redirect vulnerability in SD-WAN Orchestrator (CVE-2024-22248)

Description

VMware SD-WAN Orchestrator contains an open redirect vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors

Due to improper path handling, a malicious actor may be able to redirect a victim to an attacker-controlled domain, leading to sensitive information disclosure.

Resolution

To remediate CVE-2024-22248, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Abdelrahman Adel (@K4r1it0) from CyShield for reporting this issue to us.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware SD-WAN (Edge) | 5.x | Any | CVE-2024-22246 | | important | | N/A | N/A |
| VMware SD-WAN (Edge) | 4.5.x | Any | CVE-2024-22246 | | important | | N/A | N/A |
| VMware SD-WAN (Edge) | 4.5.x/5.x | Any | CVE-2024-22247 | | moderate | | N/A | N/A |
| VMware SD-WAN (Edge) | Any | Any | CVE-2024-22248 | N/A | N/A | Unaffected | N/A | N/A |
| VMware SD-WAN (Orchestrator) | Any | Any | CVE-2024-22246, CVE-2024-22247 | N/A | N/A | Unaffected | N/A | N/A |
| VMware SD-WAN (Orchestrator) | 5.x | Any | CVE-2024-22248 | | important | | N/A | N/A |

 

4. References

5. Change Log

2024-04-02 VMSA-2024-0008
Initial security advisory.

 
6. Contact

E-mail: [email protected]

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC

Copyright 2024 Broadcom. All rights reserved.