Vmware Sd-Wan Orchestrator vulnerabilities
6 known vulnerabilities affecting vmware/sd-wan_orchestrator.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-4001CRITICALCVSS 9.8≥ 3.4.0, ≤ 3.4.4≥ 4.0.0, ≤ 4.0.1+1 more2020-11-24
CVE-2020-4001 [CRITICAL] CWE-1188 CVE-2020-4001: The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash A
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.
nvd
CVE-2020-4002HIGHCVSS 7.2≥ 3.4.0, < 3.4.4≥ 4.0.0, < 4.0.1+1 more2020-11-24
CVE-2020-4002 [HIGH] CVE-2020-4002: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 hand
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.
nvd
CVE-2020-4000HIGHCVSS 8.8≥ 3.4.0, < 3.4.4≥ 4.0.0, < 4.0.1+1 more2020-11-24
CVE-2020-4000 [HIGH] CWE-22 CVE-2020-4000: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allo
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.
nvd
CVE-2020-3985HIGHCVSS 8.8≥ 3.4.0, < 3.4.4v3.3.22020-11-24
CVE-2020-3985 [HIGH] CVE-2020-3985: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arb
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.
nvd
CVE-2020-3984MEDIUMCVSS 6.5≥ 3.4.0, < 3.4.4v3.3.22020-11-24
CVE-2020-3984 [MEDIUM] CWE-89 CVE-2020-3984: The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct inpu
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access.
nvd
CVE-2020-4003MEDIUMCVSS 6.5≥ 3.4.0, < 3.4.4≥ 4.0.0, < 4.0.1+1 more2020-11-24
CVE-2020-4003 [MEDIUM] CWE-89 CVE-2020-4003: VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 w
VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.
nvd