← Voltar para CVEs
CVE-2018-6961
HIGHCISA KEV8.1
Descricao
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
Detalhes CVE
Pontuacao CVSS v3.18.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado6/11/2018
Ultima modificacao10/30/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorVMware
ProdutoSD-WAN Edge
Nome da vulnerabilidadeVMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
Data inclusao KEV2022-03-25
Prazo de remediacao2022-04-15
Uso em ransomwareUnknown
Produtos afetados
vmware:nsx_sd-wan_by_velocloud
Fraquezas (CWE)
CWE-78CWE-78
Referencias
http://www.securityfocus.com/bid/104185(security@vmware.com)
http://www.securitytracker.com/id/1041210(security@vmware.com)
http://www.vmware.com/security/advisories/VMSA-2018-0011.html(security@vmware.com)
https://www.exploit-db.com/exploits/44959/(security@vmware.com)
http://www.securityfocus.com/bid/104185(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041210(af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2018-0011.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44959/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6961(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.