CVE-2024-22246

Name of the Vulnerable Software and Affected Versions VMware SD-WAN Edge (affected versions not specified)

Description The issue is related to an unauthenticated command injection vulnerability in the VMware SD-WAN Edge, potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack, which could lead to full control of the router. The vulnerability is associated with the failure to neutralize special elements used in the OS command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.