<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:8pt;color:#000000;font-family:'Courier New',monospace;" dir="ltr">
<div>-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
- -----------------------------------------------------------------------<br>
VMware Security Advisory<br>
<br>
Advisory ID: VMSA-2018-0011.1<br>
Severity: Important<br>
Synopsis: Unauthenticated Command Injection vulnerability in VMware<br>
NSX SD-WAN by VeloCloud<br>
Issue date: 2018-05-15<br>
Updated on: 2018-06-28<br>
CVE number: CVE-2018-6961<br>
<br>
1. Summary<br>
<br>
Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN<br>
by VeloCloud<br>
<br>
2. Relevant Products<br>
<br>
VMware NSX SD-WAN Edge by VeloCloud (SD-WAN Edge)<br>
<br>
3. Problem Description<br>
<br>
Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN<br>
Edge by VeloCloud<br>
<br>
VMware NSX SD-WAN Edge by VeloCloud contains a command injection<br>
vulnerability in the local web UI component. This component is<br>
disabled by default and should not be enabled on untrusted networks.<br>
VeloCloud by VMware will be removing this service from the product<br>
in future releases. Successful exploitation of this issue could<br>
result in remote code execution.<br>
<br>
VMware would like to thank Cory Mathews, Quentin Rhoads-Herrera, and<br>
Maggie Ligon of Critical Start and security researcher Brian<br>
Sullivan from Tevora for independently reporting this issue to us.<br>
<br>
The Common Vulnerabilities and Exposures project (cve.mitre.org) has<br>
assigned the identifier CVE-2018-6961 to this issue.<br>
<br>
Column 5 of the following table lists the action required to<br>
remediate the vulnerability in each release, if a solution is<br>
available.<br>
<br>
<pre style="margin:0;font-family:inherit;">VMware      Product   Running           Replace with/ Mitigation/
Product     Version   on      Severity  Apply Patch   Workaround
=========== ========= ======= ========= ============= ==========
SD-WAN Edge 3.x, 2.x  Linux   Important 3.1.2         KB55009</pre>
<br>
4. Solution<br>
<br>
VMware NSX SD-WAN Edge by VeloCloud 3.1.2<br>
Support/Guidance:<br>
https://kb.vmware.com/kb/53907<br>
<br>
5. References<br>
<br>
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6961<br>
https://kb.vmware.com/kb/55009<br>
<br>
- -----------------------------------------------------------------------<br>
<br>
6. Change log<br>
<br>
VMSA-2018-0011 2018-05-15<br>
Initial security advisory in conjunction with the release of KB55009<br>
on 2018-05-15.<br>
<br>
VMSA-2018-0011.1 2018-06-28<br>
Updated security advisory with the correct remediated version (SD-WAN<br>
Edge 3.1.2), since SD-WAN Edge 3.1.1 and earlier are still affected.<br>
<br>
- -----------------------------------------------------------------------<br>
<br>
7. Contact<br>
<br>
E-mail list for product security notifications and announcements:<br>
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce<br>
<br>
This Security Advisory is posted to the following lists:<br>
<br>
security-announce@lists.vmware.com<br>
bugtraq@securityfocus.com<br>
fulldisclosure@seclists.org<br>
<br>
E-mail: security at vmware.com<br>
PGP key at: https://kb.vmware.com/kb/1055<br>
<br>
VMware Security Advisories<br>
http://www.vmware.com/security/advisories<br>
<br>
VMware Security Response Policy<br>
https://www.vmware.com/support/policies/security_response.html<br>
<br>
VMware Lifecycle Support Phases<br>
https://www.vmware.com/support/policies/lifecycle.html<br>
<br>
VMware Security &amp; Compliance Blog<br>
https://blogs.vmware.com/security<br>
<br>
Twitter<br>
https://twitter.com/VMwareSRC<br>
<br>
Copyright 2018 VMware Inc. All rights reserved.<br>
<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: Encryption Desktop 10.4.1 (Build 490)<br>
Charset: utf-8<br>
<br>
wj8DBQFbNbw3DEcm8Vbi9kMRAm2VAJ0X7xCUpGw8WmDtaR/8gS3417yBpgCg375u<br>
XpVQdd5b/u4B6g2/kv9GvkY=<br>
=5KBz<br>
-----END PGP SIGNATURE-----<br>
</div>
<br>
</div>
</body>
</html>