{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22246", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-01-08T18:43:03.535Z", "datePublished": "2024-04-02T15:48:23.171Z", "dateUpdated": "2024-08-01T22:43:34.263Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VMware SD-WAN Edge", "vendor": "N/A", "versions": [{"status": "affected", "version": "VMware SD-WAN Edge 4.5.x, VMware SD-WAN Edge 5.x"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nVMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.\n\n\nA malicious actor with local access to the Edge Router UI during \nactivation may be able to perform a command injection attack that could \nlead to full control of the router. \n\n"}], "value": "VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.\n\nA malicious actor with local access to the Edge Router UI during \nactivation may be able to perform a command injection attack that could \nlead to full control of the router. \n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Unauthenticated Command Injection vulnerability in SD-WAN Edge ", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-04-02T15:48:23.171Z"}, "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22246", "role": "CISA Coordinator", "options": [{"Exploitation": "None"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-04-19T04:01:09.327516Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:sd-wan_edge:4.5.x:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "sd-wan_edge", "versions": [{"status": "affected", "version": "4.5.x"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:sd-wan_edge:5.x:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "sd-wan_edge", "versions": [{"status": "affected", "version": "5.x"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:41.265Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.263Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.263Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22246", "role": "CISA Coordinator", "options": [{"Exploitation": "None"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-04-19T04:01:09.327516Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:sd-wan_edge:4.5.x:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "sd-wan_edge", "versions": [{"status": "affected", "version": "4.5.x"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:sd-wan_edge:5.x:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "sd-wan_edge", "versions": [{"status": "affected", "version": "5.x"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T19:47:49.506Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "N/A", "product": "VMware SD-WAN Edge", "versions": [{"status": "affected", "version": "VMware SD-WAN Edge 4.5.x, VMware SD-WAN Edge 5.x"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.\n\nA malicious actor with local access to the Edge Router UI during \nactivation may be able to perform a command injection attack that could \nlead to full control of the router. \n\n", "supportingMedia": [{"type": "text/html", "value": "\nVMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.\n\n\nA malicious actor with local access to the Edge Router UI during \nactivation may be able to perform a command injection attack that could \nlead to full control of the router. \n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Unauthenticated Command Injection vulnerability in SD-WAN Edge "}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-04-02T15:48:23.171Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22246", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:43:34.263Z", "dateReserved": "2024-01-08T18:43:03.535Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-04-02T15:48:23.171Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.\n\nA malicious actor with local access to the Edge Router UI during \nactivation may be able to perform a command injection attack that could \nlead to full control of the router. \n\n"}, {"lang": "es", "value": "VMware SD-WAN Edge contiene una vulnerabilidad de inyecci\u00f3n de comandos no autenticados que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un actor malintencionado con acceso local a la interfaz de usuario del Router perimetral durante la activaci\u00f3n puede realizar un ataque de inyecci\u00f3n de comandos que podr\u00eda llevar al control total del Router."}], "id": "CVE-2024-22246", "lastModified": "2024-11-21T08:55:52.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-04-02T16:15:07.573", "references": [{"source": "security@vmware.com", "url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}