CVE-2018-6961

Name of the Vulnerable Software and Affected Versions VMware NSX SD-WAN Edge by VeloCloud versions prior to 3.1.0

Description The local web UI component of the software contains a command injection issue. This component is disabled by default and should not be enabled on untrusted networks. The vendor plans to remove this service from the product in future releases. Successful exploitation could result in remote code execution.

Recommendations For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider keeping the local web UI component disabled, especially on untrusted networks, until a patch is applied.