← Zuruck zu CVEs
CVE-2018-6961
HIGHCISA KEV8.1
Beschreibung
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
CVE Details
CVSS v3.1 Bewertung8.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht6/11/2018
Zuletzt geandert10/30/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerVMware
ProduktSD-WAN Edge
SchwachstellennameVMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
KEV Aufnahmedatum2022-03-25
Behebungsfrist2022-04-15
Ransomware-NutzungUnknown
Betroffene Produkte
vmware:nsx_sd-wan_by_velocloud
Schwachen (CWE)
CWE-78CWE-78
Referenzen
http://www.securityfocus.com/bid/104185(security@vmware.com)
http://www.securitytracker.com/id/1041210(security@vmware.com)
http://www.vmware.com/security/advisories/VMSA-2018-0011.html(security@vmware.com)
https://www.exploit-db.com/exploits/44959/(security@vmware.com)
http://www.securityfocus.com/bid/104185(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041210(af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2018-0011.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44959/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6961(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.