CVE-2020-3985

8.8HIGH

Key Information:

Vendor
Vmware
Vendor
CVE Published:
24 November 2020

Summary

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.

Affected Version(s)

VMware SD-WAN Orchestrator VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.