CVE-2018-6961

HIGH KEV NUCLEI

VMware NSX SD-WAN by VeloCloud < 3.1.0 - OS Command Injection

Title source: rule

Description

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.

Exploits (3)

exploitdb WORKING POC VERIFIED
by ParagonSec · python, webapps, hardware
https://www.exploit-db.com/exploits/44959
nomisec WORKING POC 5 stars
by r3dxpl0it · remote
https://github.com/r3dxpl0it/CVE-2018-6961
nomisec WORKING POC 1 star
by bokanrb · remote
https://github.com/bokanrb/CVE-2018-6961

Nuclei Templates (1)

VMware NSX SD-WAN Edge - Command Injection
CRITICAL VERIFIED by D3nverNg, thewindghost
Shodan: title:"VeloCloud"
FOFA: title="VeloCloud"

Scores

CVSS v3 8.1
EPSS 0.9364
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25
VulnCheck KEV 2019-06-06
InTheWild.io 2019-06-06
ENISA EUVD EUVD-2018-18705
CWE CWE-78
Status published
Products (1)
vmware/nsx_sd-wan_by_velocloud < 3.1.0
Published Jun 11, 2018
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026