Vmware · Vmware Nsx Sd-Wan Edge · CVE-2018-6961
**Name of the Vulnerable Software and Affected Versions**
VMware NSX SD-WAN Edge by VeloCloud versions prior to 3.1.0
**Description**
The local web UI component of the software contains a command injection issue. This component is disabled by default and should not be enabled on untrusted networks. The vendor plans to remove this service from the product in future releases. Successful exploitation could result in remote code execution.
**Recommendations**
For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue.
As a temporary workaround, consider keeping the local web UI component disabled, especially on untrusted networks, until a patch is applied.