Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22246", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-01-08T18:43:03.535Z", "datePublished": "2024-04-02T15:48:23.171Z", "dateUpdated": "2024-08-01T22:43:34.263Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VMware SD-WAN Edge", "vendor": "N/A", "versions": [{"status": "affected", "version": "VMware SD-WAN Edge 4.5.x, VMware SD-WAN Edge 5.x"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nVMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.\n\n\nA malicious actor with local access to the Edge Router UI during \nactivation may be able to perform a command injection attack that could \nlead to full control of the router. \n\n"}], "value": "VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.\n\nA malicious actor with local access to the Edge Router UI during \nactivation may be able to perform a command injection attack that could \nlead to full control of the router. \n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Unauthenticated Command Injection vulnerability in SD-WAN Edge ", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-04-02T15:48:23.171Z"}, "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22246", "role": "CISA Coordinator", "options": [{"Exploitation": "None"}, {"Automatable": "No"}, {"Technical Impact": "Total"}], "version": "2.0.3", "timestamp": "2024-04-19T04:01:09.327516Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:sd-wan_edge:4.5.x:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "sd-wan_edge", "versions": [{"status": "affected", "version": "4.5.x"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:sd-wan_edge:5.x:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "sd-wan_edge", "versions": [{"status": "affected", "version": "5.x"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:41.265Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.263Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html", "tags": ["x_transferred"]}]}]}}