CVE-2020-3985
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/11/2020
Last modified:
21/07/2021
Description
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:vmware:sd-wan_orchestrator:*:*:*:*:*:*:*:* | 3.4.0 (including) | 3.4.4 (excluding) |
cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2:-:*:*:*:*:*:* | ||
cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2:p1:*:*:*:*:*:* | ||
cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2:p2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page