CVE-2024-22247

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability.

A malicious actor with physical access to the SD-WAN Edge appliance 
during activation can potentially exploit this vulnerability to access 
the BIOS configuration. In addition, the malicious actor may be able to 
exploit the default boot priority configured.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
vmwareCNA
4.8 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2024-0008.html
https://www.vmware.com/security/advisories/VMSA-2024-0008.html