CVE-2018-6961
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| VMware | NSX SD-WAN by VeloCloud | prior to version 3.1.0 | affected |
Weaknesses
- Command Injection
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/104185
- https://www.exploit-db.com/exploits/44959/
- http://www.securitytracker.com/id/1041210
- http://www.vmware.com/security/advisories/VMSA-2018-0011.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- http://www.securityfocus.com/bid/104185
- https://www.exploit-db.com/exploits/44959/
- http://www.securitytracker.com/id/1041210
- http://www.vmware.com/security/advisories/VMSA-2018-0011.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.