CVE-2024-22246

{"id": "CVE-2024-22246", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.4}]}, "published": "2024-04-02T16:15:07.573", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html", "source": "security@vmware.com"}, {"url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.\n\nA malicious actor with local access to the Edge Router UI during \nactivation may be able to perform a command injection attack that could \nlead to full control of the router. \n\n"}, {"lang": "es", "value": "VMware SD-WAN Edge contiene una vulnerabilidad de inyecci\u00f3n de comandos no autenticados que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un actor malintencionado con acceso local a la interfaz de usuario del Router perimetral durante la activaci\u00f3n puede realizar un ataque de inyecci\u00f3n de comandos que podr\u00eda llevar al control total del Router."}], "lastModified": "2024-11-21T08:55:52.973", "sourceIdentifier": "security@vmware.com"}