VMware has patched six vulnerabilities that affect VMware SD-WAN Orchestrator.
As noted in the VMware advisory VMSA-2020-0025, attackers could exploit these vulnerabilities in order to gain unauthorized data access, execute code or elevate privileges.
The CVSS scores range between 6.3 and 7.5.
In summary, VMware patched the following vulnerabilities in versions 3.x and 4.x of SD-WAN Orchestrator:
- CVE-2020-3984: SQL injection vulnerability due to improper input validation.
- CVE-2020-4000: Directory traversal file execution.
- CVE-2020-4001: Default passwords Pass-the-Hash Attack.
- CVE-2020-3985: API endpoint privilege escalation.
- CVE-2020-4002: Unsafe handling of system parameters.
- CVE-2020-4003: SQL injection Information Disclosure.
The highest rated vulnerability CVE-2020-3985 (CVSS score of 7.5) could allow an authenticated SD-WAN Orchestrator user to “exploit an application weakness and call a vulnerable API to elevate their privileges.”
Another higher risk vulnerability CVE-2020-4002 (CVSS score of 7.5) could allow an attacker with high privileges to execute arbitrary code on the underlying operating system.