Skip to main content

Unauthenticated Command Injection vulnerability in SD-WAN Edge (VMware)

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all System and Network admins to review and implement the appropriate fix. The details of the updates can be found here.