CISA KEV 정보
| 취약점명 | VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability |
|---|---|
| 설명 | VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-78 |
| 등록일 (KEV) | 2022-03-25 |
| 조치 기한 | 2022-04-15 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2018-6961 |
NVD 상세 정보
CVSS v3.1: 8.1 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P설명: VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
CWE: CWE-78 | CWE-78
참조
- http://www.securityfocus.com/bid/104185 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1041210 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.vmware.com/security/advisories/VMSA-2018-0011.html [Vendor Advisory]
- https://www.exploit-db.com/exploits/44959/ [Exploit, Third Party Advisory, VDB Entry]
- http://www.securityfocus.com/bid/104185 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1041210 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.vmware.com/security/advisories/VMSA-2018-0011.html [Vendor Advisory]
- https://www.exploit-db.com/exploits/44959/ [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6961 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.