← Volver a CVEs
CVE-2018-6961
HIGHCISA KEV8.1
Descripcion
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
Detalles CVE
Puntuacion CVSS v3.18.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado6/11/2018
Ultima modificacion10/30/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorVMware
ProductoSD-WAN Edge
Nombre vulnerabilidadVMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
Fecha inclusion KEV2022-03-25
Fecha limite remediacion2022-04-15
Uso en ransomwareUnknown
Productos afectados
vmware:nsx_sd-wan_by_velocloud
Debilidades (CWE)
CWE-78CWE-78
Referencias
http://www.securityfocus.com/bid/104185(security@vmware.com)
http://www.securitytracker.com/id/1041210(security@vmware.com)
http://www.vmware.com/security/advisories/VMSA-2018-0011.html(security@vmware.com)
https://www.exploit-db.com/exploits/44959/(security@vmware.com)
http://www.securityfocus.com/bid/104185(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041210(af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2018-0011.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44959/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6961(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.