CVE-2024-22247 MEDIUM

CVE-2024-22247

Vendor N/A
Product VMware SD-WAN Edge
Published April 2, 2024
Last update August 1, 2024

CVSS base score

4.8/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the default boot priority configured.

Key dates

02Disclosure timeline

April 2, 2024 CVE published
August 1, 2024 Record updated