VMware issued a security advisory for a High severity privilege escalation vulnerability CVE-2021-21981 in VMware NSX-T.
An attacker could exploit this vulnerability and take control of an unpatched system.
VMware warned “VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment.”
As a result, an attacker with access to a local guest user account to assign privileges higher than their own permission level.
This issue affects only VMware NSX-T version 3.1.1 and has been patched with version 3.1.2.
Although VMware rated CVE-2021-21981 as ‘Important’, the vulnerability has a CVSS score of 7.5 which falls in the High severity range according to NIST.