Vulnerability Details : CVE-2018-6961
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
Vulnerability category: Execute code
Products affected by CVE-2018-6961
- cpe:2.3:a:vmware:nsx_sd-wan_by_velocloud:*:*:*:*:*:*:*:*
CVE-2018-6961 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2018-6961
Added on
2022-03-25
Action due date
2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2018-6961
48.75%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-6961
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2018-6961
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-6961
-
http://www.securityfocus.com/bid/104185
VMware SD-WAN Edge CVE-2018-6961 Command Injection VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1041210
VMware NSX SD-WAN Edge Local Web User Interface Command Injection Flaw Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.vmware.com/security/advisories/VMSA-2018-0011.html
VMSA-2018-0011.1Vendor Advisory
-
https://www.exploit-db.com/exploits/44959/
VMware NSX SD-WAN Edge < 3.1.2 - Command InjectionExploit;VDB Entry;Third Party Advisory
Jump to