CVE-2024-22247

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the default boot priority configured.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 4.2

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2024-0008.html
https://www.vmware.com/security/advisories/VMSA-2024-0008.html

Configurations

No configuration.

History

No history.

Information

Published : 2024-04-02 16:15

Updated : 2024-11-21 08:55

NVD link : CVE-2024-22247

Mitre link : CVE-2024-22247

CVE.ORG link : CVE-2024-22247

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

4.8 /10