|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-08-25 | |
| Rule Name: | VMware NSX SD-WAN Command Injection Vulnerability (CVE-2018-6961) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux | |
| Reference: | SecurityFocusBID:104185 ExploitDB:44959 SecurityTrackerID:1041210 http://www.vmware.com/security/advisories/VMSA-2018-0011.html |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.vmware.com/security/advisories/VMSA-2018-0011.html |