Important
VMSA-2024-0008
7.4-4.8
2024-04-02
2024-04-02 (Initial Advisory)
CVE-2024-22246, CVE-2024-22247, CVE-2024-22248
VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities.
1. Impacted Products
VMware SD-WAN Edge
VMware SD-WAN Orchestrator
2. Introduction
Multiple vulnerabilities in VMware SD-WAN were privately reported to VMware. Patches and instructions are available to remediate the vulnerabilities in affected VMware products.
3a. Unauthenticated Command Injection vulnerability in SD-WAN Edge (CVE-2024-22246)
Description
VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.4.
Known Attack Vectors
A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router.
Resolution
To remediate CVE-2024-22246 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds
None.
Additional Documentation
None
Notes
None.
Acknowledgements
VMware would like to thank Saif Aziz (@wr3nchsr) from CyShield for reporting this issue to us.
3b. Missing Authentication and Protection Mechanism vulnerability in SD-WAN Edge (CVE-2024-22247)
Description
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.8.
Known Attack Vectors
A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the default boot priority configured.
Resolution
To remediate CVE-2024-22247 apply the instructions listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Saif Aziz (@wr3nchsr) from CyShield for reporting this issue to us.
3c. Open redirect vulnerability in SD-WAN Orchestrator (CVE-2024-22248)
Description
VMware SD-WAN Orchestrator contains an open redirect vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
Known Attack Vectors
A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
Resolution
To remediate CVE-2024-22248 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Abdelrahman Adel (@K4r1it0) from CyShield for reporting this issue to us.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware SD-WAN (Edge) | 5.x | Any | CVE-2024-22246 | important
| N/A | N/A | ||
VMware SD-WAN (Edge) | 4.5.x | Any | CVE-2024-22246 | important
| N/A | N/A | ||
VMware SD-WAN (Edge) | 4.5.x/5.x | Any | CVE-2024-22247 | moderate
| N/A | N/A | ||
VMware SD-WAN (Edge) | Any | Any | CVE-2024-22248 | N/A | N/A | Unaffected | N/A | N/A |
VMware SD-WAN (Orchestrator) | Any | Any | CVE-2024-22246, CVE-2024-22247 | N/A | N/A | Unaffected | N/A | N/A |
VMware SD-WAN (Orchestrator) | 5.x | Any | CVE-2024-22248 | important
| N/A | N/A |
4. References
https://docs.vmware.com/en/VMware-SASE/5.4.0/rn/vmware-sase-540-release-notes/index.html
https://docs.vmware.com/en/VMware-SASE/5.3.0/rn/vmware-sase-530-release-notes/index.html
https://docs.vmware.com/en/VMware-SASE/5.2.0/rn/vmware-sase-520-release-notes/index.html
https://docs.vmware.com/en/VMware-SASE/5.1.0/rn/vmware-sase-510-release-notes/index.html
https://docs.vmware.com/en/VMware-SASE/5.0.0/rn/VMware-SASE-5000-Release-Notes.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22248
FIRST CVSSv3 Calculator:
CVE-2024-22246: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-22247: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2024-22248: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
5. Change Log
2024-04-02 VMSA-2024-0008
Initial security advisory.
6. Contact
E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2024 Broadcom. All rights reserved.
Read full article (vmware.com)
All content and images belong to their respected owners, this article is curated for informational purposes only.
