CVE-2020-3985

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/11/2020
Last modified:
21/07/2021

Description

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:vmware:sd-wan_orchestrator:*:*:*:*:*:*:*:* 3.4.0 (including) 3.4.4 (excluding)
cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2:-:*:*:*:*:*:*
cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2:p1:*:*:*:*:*:*
cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2:p2:*:*:*:*:*:*


References to Advisories, Solutions, and Tools