{ "file_item": { "filepath": "security-advisories", "filename": "CERT-EU-SA2022-076.pdf" }, "title": "Critical Vulnerability in VMware Cloud Foundation", "serial_number": "2022-076", "publish_date": "31-10-2022 09:20:00", "description": "On October 25, 2022, VMWare released a new version of Cloud Foundation (NSX-V) fixing a critical Remote Code Execution vulnerability. VMware has confirmed that exploit code leveraging \"CVE-2021-39144\" against impacted products has been published. It is highly recommended applying the last version.", "url_title": "2022-076", "content_markdown": "---\ntitle: 'Critical Vulnerability in VMware Cloud Foundation'\nversion: '1.0'\nnumber: '2022-076'\noriginal_date: 'October 25, 2022'\ndate: 'October 31, 2022'\n---\n\n_History:_\n\n* _31/10/2022 --- v1.0 -- Initial publication_\n \n# Summary\n\nOn October 25, 2022, VMWare released a new version of Cloud Foundation (NSX-V) fixing a critical Remote Code Execution vulnerability [1]. VMware has confirmed that exploit code leveraging `CVE-2021-39144` against impacted products has been published [2]. It is highly recommended applying the last version.\n\n# Technical Details\n\nThe vulnerability, identified by `CVE-2021-39144`, with a CVSS score of 9.8 out of 10, is due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V). By exploiting this vulnerability, an unauthenticated attacker could achieve remote code execution in the context of the `root` user on the affected server.\n\n# Affected Products\n\n* All versions for VMware NSX Data Center for vSphere (NSX-V) prior to NSX-V 6.4.14 appliances [3]\n* All the VMware Cloud Foundation(VCF) 3.x versions\n\n# Recommendations\n\nCERT-EU highly recommends applying the latest version or the workaround provided by VMWare.\n\n# References\n\n[1] \n\n[2] \n\n[3] \n", "content_html": "

History:

  • 31/10/2022 --- v1.0 -- Initial publication

Summary

On October 25, 2022, VMWare released a new version of Cloud Foundation (NSX-V) fixing a critical Remote Code Execution vulnerability [1]. VMware has confirmed that exploit code leveraging CVE-2021-39144 against impacted products has been published [2]. It is highly recommended applying the last version.

Technical Details

The vulnerability, identified by CVE-2021-39144, with a CVSS score of 9.8 out of 10, is due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V). By exploiting this vulnerability, an unauthenticated attacker could achieve remote code execution in the context of the root user on the affected server.

Affected Products

  • All versions for VMware NSX Data Center for vSphere (NSX-V) prior to NSX-V 6.4.14 appliances [3]
  • All the VMware Cloud Foundation(VCF) 3.x versions

Recommendations

CERT-EU highly recommends applying the latest version or the workaround provided by VMWare.

References

[1] https://www.vmware.com/security/advisories/VMSA-2022-0027.html

[2] https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html

[3] https://kb.vmware.com/s/article/89809

", "licence": { "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)", "link": "https://creativecommons.org/licenses/by/4.0/", "restrictions": "https://cert.europa.eu/legal-notice", "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies" } }