Vulnerabilities > CVE-2023-20899 - Missing Authorization vulnerability in VMWare Sd-Wan Edge Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

CWE-862

NVD

Published: 2023-07-06

Updated: 2023-07-14

Summary

VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.

Vulnerable Configurations

Part	Description	Count
OS	Vmware Vmware SD WAN Edge Firmware *	1
Hardware	Vmware Vmware SD WAN Edge -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.vmware.com/security/advisories/VMSA-2023-0015.html