What is the severity of CVE-2024-22246?

CVE-2024-22246 has a high severity level due to the potential for remote code execution.

How do I fix CVE-2024-22246?

To mitigate CVE-2024-22246, apply the latest security patch provided by VMware for the SD-WAN Edge product.

Who is affected by CVE-2024-22246?

Users of VMware SD-WAN Edge are affected by CVE-2024-22246, particularly those with local access to the Edge Router UI.

What type of vulnerability is CVE-2024-22246?

CVE-2024-22246 is classified as an unauthenticated command injection vulnerability.

What could be the impact of exploiting CVE-2024-22246?

Exploitation of CVE-2024-22246 could lead to full control over the affected router.

Vulnerability/
CVE-2024-22246

high

7.4

CWE

2/4/2024

1/8/2024

CVE-2024-22246: Command Injection

First published: Tue Apr 02 2024(Updated: )

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware SD-WAN Edge Firmware

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-22246?
CVE-2024-22246 has a high severity level due to the potential for remote code execution.
How do I fix CVE-2024-22246?
To mitigate CVE-2024-22246, apply the latest security patch provided by VMware for the SD-WAN Edge product.
Who is affected by CVE-2024-22246?
Users of VMware SD-WAN Edge are affected by CVE-2024-22246, particularly those with local access to the Edge Router UI.
What type of vulnerability is CVE-2024-22246?
CVE-2024-22246 is classified as an unauthenticated command injection vulnerability.
What could be the impact of exploiting CVE-2024-22246?
Exploitation of CVE-2024-22246 could lead to full control over the affected router.

agent/description
agent/type
agent/first-publish-date
agent/author
collector/the-register
source/The Register
alias/CVE-2024-26234
alias/CVE-2024-29988
alias/CVE-2024-21322
alias/CVE-2024-21323
alias/CVE-2024-29053
alias/CVE-2023-41677
alias/CVE-2023-48784
alias/CVE-2024-23662
alias/CVE-2024-22246
alias/CVE-2024-20348
agent/news-ai
agent/severity
agent/references
agent/weakness
collector/nvd-api
source/NVD
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/vmware
canonical/vmware sd-wan edge firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.