CVE-2020-4001
EUVD-2020-2526624.11.2020, 16:15
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| vmware | sd-wan_orchestrator | 3.4.0 ≤ 𝑥 ≤ 3.4.4 |
| vmware | sd-wan_orchestrator | 4.0.0 ≤ 𝑥 ≤ 4.0.1 |
| vmware | sd-wan_orchestrator | 3.3.2 |
| vmware | sd-wan_orchestrator | 3.3.2:p1 |
| vmware | sd-wan_orchestrator | 3.3.2:p2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration