diff --git a/2024/22xxx/CVE-2024-22246.json b/2024/22xxx/CVE-2024-22246.json
index 4282779a7b0..5727739df02 100644
--- a/2024/22xxx/CVE-2024-22246.json
+++ b/2024/22xxx/CVE-2024-22246.json
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-22246",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution.\n\nA malicious actor with local access to the Edge Router UI during \nactivation may be able to perform a command injection attack that could \nlead to full control of the router. \n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unauthenticated Command Injection vulnerability in SD-WAN Edge "
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "N/A",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware SD-WAN Edge",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "VMware SD-WAN Edge 4.5.x, VMware SD-WAN Edge 5.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html",
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22247.json b/2024/22xxx/CVE-2024-22247.json
index 745a7fd9fa6..7d7b0842663 100644
--- a/2024/22xxx/CVE-2024-22247.json
+++ b/2024/22xxx/CVE-2024-22247.json
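Review bot: In the CVE-2024-22246 record the machine-readable fields hold prose: `vendor_name` is `"N/A"`, the single `version_data` entry pairs `"version_affected": "="` with a string naming two release lines (`4.5.x` and `5.x`), and `problemtype` carries no CWE identifier. Scanners and asset inventories that key on vendor, product, version or weakness class will not associate this CVE with deployed SD-WAN Edge builds. I would set `"vendor_name": "VMware"`, emit one `version_data` entry per release line with the bounds taken from VMSA-2024-0008, and add the matching CWE to the `problemtype` value (command injection is `CWE-77`). The CVE-2024-22247 and CVE-2024-22248 hunks carry the same pattern. Separately, the summary sentence says "remote code execution" while `attackVector` is `LOCAL` and the second paragraph requires local access to the Edge Router UI; the wording should agree with the vector so that triage based on the text is not skewed.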
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-22247",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability.\n\nA malicious actor with physical access to the SD-WAN Edge appliance \nduring activation can potentially exploit this vulnerability to access \nthe BIOS configuration. In addition, the malicious actor may be able to \nexploit the default boot priority configured.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing Authentication and Protection Mechanism vulnerability in SD-WAN Edge"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "N/A",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware SD-WAN Edge",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "VMware SD-WAN Edge 4.5.x, VMware SD-WAN Edge 5.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html",
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/22xxx/CVE-2024-22248.json b/2024/22xxx/CVE-2024-22248.json
index fb83a05e536..efd7f560c0f 100644
--- a/2024/22xxx/CVE-2024-22248.json
+++ b/2024/22xxx/CVE-2024-22248.json
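Review bot: In the CVE-2024-22247 record the description and the CVSS vector appear to disagree on impact: the text says an actor can access the BIOS configuration and exploit the default boot priority, while the vector scores `confidentialityImpact` as `NONE` and `integrityImpact` as `LOW`. The score itself is internally consistent (the vector does compute to 4.8), so this is a question about the assessment rather than the arithmetic. If the vendor rated it this way because the access is limited in some way, the description should state that limit; otherwise a reader cannot tell whether the appliance should be treated as untrusted after unattended physical access during activation.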
@@ -1,17 +1,86 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-22248",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware SD-WAN Orchestrator contains an open redirect vulnerability.\n\nA malicious actor may be able to redirect a victim to an attacker \ncontrolled domain due to improper path handling leading to sensitive \ninformation disclosure.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Open redirect vulnerability in SD-WAN Orchestrator "
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "N/A",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware SD-WAN Orchestrator",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "VMware SD-WAN Orchestrator 5.x"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html",
+ "refsource": "MISC",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }