Unrated severityCISA KEVNVD Advisory· Published Jun 11, 2018· Updated Oct 21, 2025

CVE-2018-6961

Description

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.

Affected products

VMware/NSX SD-WAN by VeloCloudv5
Range: prior to version 3.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44959/mitreexploitx_refsource_EXPLOIT-DB
www.securityfocus.com/bid/104185mitrevdb-entryx_refsource_BID
www.securitytracker.com/id/1041210mitrevdb-entryx_refsource_SECTRACK
www.vmware.com/security/advisories/VMSA-2018-0011.htmlmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000