VMware Security Response Center

VMSA-2018-0011 Revisited

Greetings from the VMware Security Response Center!

It has come to our attention that CVE-2018-6961, a previously resolved vulnerability that affected VMware SD-WAN Edge (VeloCloud) prior to R312-20180716-GA, has been reported as one of multiple injection methods used by a newly discovered variant of the Mirai malware. Unit 42 has a good write-up on what they have discovered here: https://unit42.paloaltonetworks.com/new-mirai-variant-adds-8-new-exploits-targets-additional-iot-devices.

VMware is actively conducting our own investigation into the matter.

The good news is that CVE-2018-6961 was responsibly disclosed by VMware last year, in 2018, with both a fix and a workaround. You can find our published advisory, including remediation information for CVE-2018-6961, here: https://www.vmware.com/security/advisories/VMSA-2018-0011.html, as well as workaround documentation here: https://kb.vmware.com/s/article/55009.

Customers are strongly advised to remediate or mitigate this vulnerability on their VMware SD-WAN Edge devices immediately. Please watch this space for future updates.

Edit: Added build-specific version in which CVE-2018-6961 was remediated.