Vulnerability Name: | CVE-2018-6961 (CCN-143333)
Assigned: | 2018-05-15
Published: | 2018-05-15
Updated: | 2019-10-03
Summary: | VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: | CWE-78
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2018-6961
Source: BID Type: Third Party Advisory, VDB Entry 104185
Source: CCN Type: BID-104185 VMware SD-WAN Edge CVE-2018-6961 Command Injection Vulnerability
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1041210
Source: CONFIRM Type: Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2018-0011.html
Source: XF Type: UNKNOWN vmware-nsx-cve20186961-command-exec(143333)
Source: CCN Type: Packet Storm Security [07-02-2018] VMware NSX SD-WAN Edge Command Injection
Source: EXPLOIT-DB Type: Exploit, Third Party Advisory, VDB Entry 44959
Source: CCN Type: VMware Security Advisory VMSA-2018-0011 Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud
Vulnerable Configuration: | Configuration 1: