Vulnerability Description
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | NSX SD-WAN by VeloCloud | < 3.1.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104185 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1041210 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.vmware.com/security/advisories/VMSA-2018-0011.html (Vendor Advisory)
- https://www.exploit-db.com/exploits/44959/ (Exploit, Third Party Advisory, VDB Entry)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018- (US Government Resource)
FAQ
What is CVE-2018-6961?
CVE-2018-6961 is a vulnerability with a CVSS score of 8.1 (HIGH). VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on ...
How severe is CVE-2018-6961?
CVE-2018-6961 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-6961?
Check the references section above for vendor advisories and patch information. Affected products include: VMware NSX SD-WAN by VeloCloud.