CVE-2018-6961
HIGH | CISA KEV | 8.1
Description
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
CVE details
CVSS v3.1 score: 8.1
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 6/11/2018
Last modified: 10/30/2025
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: VMware
Product: SD-WAN Edge
Vulnerability name: VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
Date added to KEV: 2022-03-25
Remediation due date: 2022-04-15
Used in ransomware: Unknown
Affected products
vmware:nsx_sd-wan_by_velocloud
Weaknesses (CWE)
CWE-78
References
http://www.securityfocus.com/bid/104185 (security@vmware.com)
http://www.securitytracker.com/id/1041210 (security@vmware.com)
http://www.vmware.com/security/advisories/VMSA-2018-0011.html (security@vmware.com)
https://www.exploit-db.com/exploits/44959/ (security@vmware.com)
http://www.securityfocus.com/bid/104185 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041210 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2018-0011.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44959/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6961 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlation recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.