CVE-2020-4001 - Insecure Default Initialization of Resource vulnerability in VMware SD-WAN Orchestrator 3.3.2/3.4.0/4.0.0

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, vmware, CWE-1188, critical

Summary

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash attack. SD-WAN Orchestrator ships with default passwords for predefined accounts, which may lead to a Pass-the-Hash attack.

Vulnerable Configurations

Part         Description  Count
Application  VMware       5