CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-4002

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.8%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

http://www.vmware.com/security/advisories/VMSA-2020-0025.html
http://www.vmware.com/security/advisories/VMSA-2020-0025.html

Products affected by CVE-2020-4002

Vmware » Sd-Wan Orchestrator » Version: 3.3.2

cpe:2.3:a:vmware:sd-wan_orchestrator:3.3.2
Vmware » Sd-Wan Orchestrator » Version: 3.4.0

cpe:2.3:a:vmware:sd-wan_orchestrator:3.4.0
Vmware » Sd-Wan Orchestrator » Version: 4.0.0

cpe:2.3:a:vmware:sd-wan_orchestrator:4.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-4002

Products

Pricing

Contact Us