<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1462084720533760&amp;ev=PageView&amp;noscript=1">
Vulnerability Report

CVE-2020-4003 VMWare SD-WAN Orchestrator (SQL Injection)

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

A SQL Injection vulnerability was disclosed in VMware’s SD WAN Orchestrator. At a minimum, SQL Injection attacks allow for potential information disclosure and a cleverly crafted attack could cause web shells to be dropped on the victim. This could allow for remote code execution on the victim with the privileges of the user on the host machine.


Watch the video to learn more about this and other important vulnerabilities.

CVSS Score

The CVSS Base score of this vulnerability has not yet been assigned by NVD. VMware has self-assessed this vulnerability at Medium 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

Affected Version

SD-WAN Orchestrator v3.x and 4.x suffer from this vulnerability. The vulnerability has been fixed in version 4.0.1 and 3.3.2 p3 build 3.3.2-GA-20201103, 3.4.4 build R344-20201103-GA

Vulnerability Attribution

This vulnerability was disclosed by Christopher Schneider - Penetration Test Analyst at State Farm.

Risk Impact

VMware’s SD WAN Orchestrator provides centralized, enterprise-wide installation, configuration, and real time monitoring, in addition to orchestrating the data flow through the cloud network. The SD-WAN Orchestrator presents a web-based user interface, where users can configure and manage the following:

  • Customers

  • Partners

  • Operator Users

  • Gateways and Gateway Pools

  • Orchestrator Authentication Modes

An attacker can use a cleverly crafted SQL verbs and can cause a range of damage from disclosure of confidential information to dropping tables in the database to planting a web shell on the victim.


Depending on the privileges associated with VMware SD-WAN Orchestrator processes, an attacker could then install programs, view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. No public exploit is available currently.

Virsec Security Platform (VSP) Support

The Virsec Security Platform (VSP)- Based on the description provided, this SQL Injection vulnerability can be protected by VSP-Web.

Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.