Back to search
CVE-2018-6961
Published: Jun 11, 2018
Modified: Oct 21, 2025
PUBLISHED
Description
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
| Vendor | Product | Versions |
|---|---|---|
VMware | NSX SD-WAN by VeloCloud | affected prior to version 3.1.0 |
References
104185
vdb-entry
x_refsource_BID
44959
exploit
x_refsource_EXPLOIT-DB
1041210
vdb-entry
x_refsource_SECTRACK
http://www.vmware.com/security/advisories/VMSA-2018-0011.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now