CVE-2018-6961

Critical 🇺🇸 CISA KEV ⚡ Exploit Available
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
Published: Mar 25, 2022  ·  Source: CISA_KEV
CVSS v3: 9.0
📄 Description (English)

VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability — VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

🤖 AI Executive Summary

CVE-2018-6961 is a critical command injection vulnerability in VMware SD-WAN Edge by VeloCloud's local web UI component, with a CVSS score of 9.0. Successful exploitation allows remote code execution on the SD-WAN Edge appliance, potentially giving attackers full control over network routing infrastructure. A public exploit is available, significantly increasing the risk of active exploitation. Organizations using VeloCloud SD-WAN should patch immediately as this vulnerability directly compromises network edge infrastructure.

🤖 AI Intelligence Analysis Analyzed: Apr 11, 2026 09:37
🇸🇦 Saudi Arabia Impact Assessment
VMware SD-WAN (VeloCloud) is widely deployed across Saudi Arabia, particularly in the telecommunications sector (STC, Mobily, Zain), banking sector (SAMA-regulated institutions), government networks, and large enterprises including energy companies (Saudi Aramco, SABIC). Compromise of SD-WAN Edge devices could allow attackers to intercept, redirect, or manipulate network traffic across distributed branch offices. This is especially critical for Saudi financial institutions connecting branches, government agencies with distributed offices, and energy sector SCADA/OT network segments that may traverse SD-WAN infrastructure. The availability of a public exploit makes this an immediate threat to any exposed VeloCloud deployment in the Kingdom.
🏢 Affected Saudi Sectors
Telecommunications, Banking, Government, Energy, Healthcare, Retail
⚖️ Saudi Risk Score (AI)
8.8 / 10.0
🔧 Remediation Steps (English)
1. IMMEDIATE ACTIONS:
- Identify all VMware SD-WAN Edge (VeloCloud) appliances in your environment
- Restrict access to the local web UI to trusted management networks only using ACLs/firewall rules
- Block external access to the SD-WAN Edge management interface immediately
- Monitor for signs of exploitation including unexpected command execution or unauthorized access

2. PATCHING GUIDANCE:
- Apply VMware security advisory VMSA-2018-0011 patches immediately
- Update SD-WAN Edge firmware to the latest patched version as specified by VMware
- Coordinate with VeloCloud Orchestrator administrators for centralized firmware updates

3. COMPENSATING CONTROLS:
- Implement network segmentation to isolate SD-WAN management interfaces
- Enable multi-factor authentication for all management access
- Deploy IDS/IPS rules to detect command injection patterns targeting the web UI
- Enable comprehensive logging on all SD-WAN Edge devices and forward to SIEM

4. DETECTION RULES:
- Monitor HTTP/HTTPS traffic to SD-WAN Edge management ports for command injection patterns (semicolons, pipes, backticks in parameters)
- Alert on any unexpected outbound connections from SD-WAN Edge devices
- Monitor for unauthorized configuration changes via the Orchestrator
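
The first detection rule above, written as a check over web access logs. This is an added example, not code from the advisory or from VMware. It assumes the management UI is reached through a proxy that writes combined-format access logs, and the paths, parameter names and addresses in the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Metacharacters named in the detection rule: semicolon, pipe, backtick.
SHELL_META = re.compile(r"[;|`]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+"')

# Constructed sample lines; paths, parameters and addresses are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /example/diag?target=10.0.0.1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /example/diag?target=10.0.0.1%3Bid HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /example/diag?target=10.0.0.1%257Cid&mode=fast HTTP/1.1" 200 498',
    '203.0.113.4 - - [01/Jan/2024:10:01:30 +0000] "GET /example/status?name=%60uname%60 HTTP/1.1" 200 120',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%257C) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (source, parameter, decoded value) for each suspicious parameter."""
    m = REQUEST.match(line)
    if not m:
        return []
    findings = []
    # Split on '&' by hand: a raw ';' must stay inside the value, not act as a separator.
    for pair in urlsplit(m.group("url")).query.split("&"):
        name, _, raw = pair.partition("=")
        value = fully_decode(raw)
        if SHELL_META.search(value):
            findings.append((m.group("src"), name, value))
    return findings

def scan_log(lines):
    """Scan every line and collect findings in log order."""
    return [hit for line in lines for hit in scan_line(line)]

if __name__ == "__main__":
    for src, name, value in scan_log(SAMPLE_LOG):
        print(f"ALERT src={src} param={name} value={value!r}")
```

Access logs record only the request line, so parameters sent in a POST body need a proxy or IDS that inspects bodies. Expect some false positives where an application legitimately uses semicolons or pipes in parameter values.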
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
- ECC-2:3-1 (Network Security)
- ECC-2:3-2 (Security of Network Services)
- ECC-2:5-1 (Vulnerability Management)
- ECC-2:2-1 (Asset Management)
🔵 SAMA CSF
- 3.3.3 (Network Security Management)
- 3.3.4 (Vulnerability Management)
- 3.3.7 (Access Control)
- 3.4.1 (Incident Management)
🟡 ISO 27001:2022
- A.8.9 (Configuration Management)
- A.8.8 (Management of Technical Vulnerabilities)
- A.8.20 (Networks Security)
- A.8.22 (Segregation of Networks)
🟣 PCI DSS v4.0
- PCI DSS 6.3.3 (Patching Security Vulnerabilities)
- PCI DSS 1.3 (Network Access Controls)
- PCI DSS 2.2 (System Configuration Standards)
- PCI DSS 11.3 (Penetration Testing)
📦 Affected Products / CPE 1 entries
VMware:SD-WAN Edge
📋 Quick Facts
- Severity: Critical
- CVSS Score: 9.0
- EPSS: 93.65%
- Exploit: Yes
- Patch: Yes
- CISA KEV: Yes
- KEV Due Date: 2022-04-15
- Published: 2022-03-25
- Source Feed: cisa_kev
🏷️ Tags
kev actively-exploited