CVE-2018-6961
CVE-2018-6961
In short
VMware NSX SD-WAN Edge versions before 3.1.0 have a command injection flaw in a local web interface that allows attackers to run arbitrary code on the device. This happens when the web UI is enabled, which is off by default but can be manually turned on.
Technical detail
A command injection vulnerability exists in the local web UI component of VMware NSX SD-WAN Edge prior to 3.1.0 (CWE-78). An attacker with network access to the enabled web interface can inject OS commands that execute with device privileges, leading to remote code execution. The component is disabled by default, reducing exposure but allowing RCE when administratively enabled.
Summary generated and translated by AI from the official description.
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
VMware · NSX SD-WAN by VeloCloudpublic PoCs found — 4
githubgithub.com/r3dxpl0it/CVE-2018-6961★ 5githubgithub.com/bokanrb/CVE-2018-6961★ 1cve_referencewww.exploit-db.com/exploits/44959/unverifiedexploitdbwww.exploit-db.com/exploits/44959unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →