VMSA-2024-0008

VMware Security Advisory

Important

Advisory ID:
VMSA-2024-0008

CVSSv3 Range:
7.4-4.8

Issue Date:
2024-04-02

Updated On:
2024-04-02 (Initial Advisory)

CVE(s):
CVE-2024-22246, CVE-2024-22247, CVE-2024-22248

Synopsis:
VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities.

1. Impacted Products

VMware SD-WAN Edge
VMware SD-WAN Orchestrator

2. Introduction

Multiple vulnerabilities in VMware SD-WAN were privately reported to VMware. Patches and instructions are available to remediate the vulnerabilities in affected VMware products.

3a. Unauthenticated Command Injection vulnerability in SD-WAN Edge (CVE-2024-22246)

Description

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.4.

Known Attack Vectors

A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router.

Resolution

To remediate CVE-2024-22246 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

None.

Additional Documentation

None

Notes

None.

Acknowledgements

VMware would like to thank Saif Aziz (@wr3nchsr) from CyShield for reporting this issue to us.

3b. Missing Authentication and Protection Mechanism vulnerability in SD-WAN Edge (CVE-2024-22247)

Description

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.8.

Known Attack Vectors

A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the default boot priority configured.

Resolution

To remediate CVE-2024-22247 apply the instructions listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

None.

Additional Documentation

None.  

Notes

None.

Acknowledgements

VMware would like to thank Saif Aziz (@wr3nchsr) from CyShield for reporting this issue to us.

3c. Open redirect vulnerability in SD-WAN Orchestrator (CVE-2024-22248)

Description

VMware SD-WAN Orchestrator contains an open redirect vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors

A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.

Resolution

To remediate CVE-2024-22248 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Abdelrahman Adel (@K4r1it0) from CyShield for reporting this issue to us.

Response Matrix

Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation

VMware SD-WAN (Edge)

5.x

Any

CVE-2024-22246

7.4

important

5.0.1+

N/A

N/A

VMware SD-WAN (Edge)

4.5.x

Any

CVE-2024-22246

7.4

important

4.5.1+

N/A

N/A

VMware SD-WAN (Edge)

4.5.x/5.x

Any

CVE-2024-22247

4.8

moderate

KB97391

N/A

N/A

VMware SD-WAN (Edge)

Any

Any

CVE-2024-22248

N/A

N/A

Unaffected

N/A

N/A

VMware SD-WAN (Orchestrator)

Any

Any

CVE-2024-22246, CVE-2024-22247

N/A

N/A

Unaffected

N/A

N/A

VMware SD-WAN (Orchestrator)

5.x

Any

CVE-2024-22248

7.1

important

5.0.1+

N/A

N/A

4. References

https://docs.vmware.com/en/VMware-SASE/5.4.0/rn/vmware-sase-540-release-notes/index.html
https://docs.vmware.com/en/VMware-SASE/5.3.0/rn/vmware-sase-530-release-notes/index.html
https://docs.vmware.com/en/VMware-SASE/5.2.0/rn/vmware-sase-520-release-notes/index.html
https://docs.vmware.com/en/VMware-SASE/5.1.0/rn/vmware-sase-510-release-notes/index.html
https://docs.vmware.com/en/VMware-SASE/5.0.0/rn/VMware-SASE-5000-Release-Notes.html
 
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22248
FIRST CVSSv3 Calculator: CVE-2024-22246: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-22247: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2024-22248: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

5. Change Log

2024-04-02 VMSA-2024-0008 Initial security advisory.

6. Contact

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC
Copyright 2024 Broadcom. All rights reserved.
 

CLICK FOR MORE INFORMATION

Leave a Reply

Your email address will not be published. Required fields are marked *