CVE-2024-22247
First published: Tue Apr 02 2024(Updated: )
VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the malicious actor may be able to exploit the default boot priority configured.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware SD-WAN Edge Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-22247?
CVE-2024-22247 has a high severity rating due to the potential for unauthorized access to the BIOS configuration by a malicious actor.
How do I fix CVE-2024-22247?
To mitigate CVE-2024-22247, ensure that physical access to the VMware SD-WAN Edge appliance is restricted and follow vendor guidance for securing the device.
Who is affected by CVE-2024-22247?
Users of VMware SD-WAN Edge appliances are affected by CVE-2024-22247, particularly those with inadequate physical security measures.
What type of vulnerability is CVE-2024-22247?
CVE-2024-22247 is categorized as a missing authentication and protection mechanism vulnerability.
What can a malicious actor do with CVE-2024-22247?
A malicious actor with physical access to the SD-WAN Edge appliance can exploit CVE-2024-22247 to access and modify the BIOS configuration.
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware sd-wan edge firmware