CVE-2018-6961 — VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability

2022-03-25 • CISA Known Exploited Vulnerability

[event] VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

> AFFECTED SOFTWARE

Field	Value
Vendor	VMware
Product	SD-WAN Edge
CWE	CWE-78
CVE ID	CVE-2018-6961
Date Added	2022-03-25
Due Date	2022-04-15
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-04-15

> REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-6961