VMware has released a security update for VMware Cloud Foundation that fixes a Critical RCE vulnerability via XStream (CVE-2021-39144) and another Moderate severity XXE issue.
According to the VMware update VMSA-2022-0027, the remote code execution (RCE) vulnerability (CVE-2021-39144) is due to an “unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V).”
As a result, a malicious actor could get remote code execution in the context of ‘root’ on the appliance.
On October 27, 2022, VMware confirmed that exploit code leveraging CVE-2021-39144 against VCF (NSX-V) had been published and rated the vulnerability ‘Critical’ (CVSS 9.8).
Administrators should remediate affected devices by applying the NSX-V 6.4.14 patch on VMware Cloud Foundation 3.x (KB 89809).
VMware also addressed a Moderate rated XML External Entity (XXE) vulnerability, CVE-2022-31678 (CVSS 5.3), in VMware Cloud Foundation.
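Both flaws above come down to how XML from an untrusted source is handled: the RCE is XStream deserializing whatever type name the caller supplies, and the XXE is an XML parser resolving entity declarations. The snippet below is an added example written for this post (it is not VMware's code, nor code from the XStream project) that shows the two defensive configurations an application owner would want in place: an XStream instance that starts from "deny all" and only re-enables an explicit allowlist, and a JAXP DocumentBuilderFactory with DTD and external entity processing switched off. The StatusReport type, the element names and the sample documents are hypothetical; the XStream security API used here (NoTypePermission, allowTypes) exists in the 1.4.x line, and the parser features are the standard Xerces/JAXP ones.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.StringReader;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class HardenedXmlDemo {

    // Hypothetical DTO: the only payload type this endpoint is meant to accept.
    public static class StatusReport {
        public String host;
        public int uptimeSeconds;
    }

    /** XStream instance that refuses every type except an explicit allowlist. */
    public static XStream hardenedXStream() {
        XStream xs = new XStream();
        // Deny everything first, then re-enable only what the endpoint needs.
        // Older 1.4.x releases are permissive by default, so do this explicitly.
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[] { String.class, StatusReport.class });
        xs.alias("report", StatusReport.class);
        return xs;
    }

    /** DocumentBuilderFactory with DOCTYPE, external entities and XInclude disabled. */
    public static DocumentBuilderFactory hardenedParserFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Rejecting any DOCTYPE is the single most effective XXE control.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces in case a DTD is ever allowed through.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    public static void main(String[] args) throws Exception {
        XStream xs = hardenedXStream();

        // Constructed sample: the expected document shape is accepted.
        String ok = "<report><host>nsx-mgr-01</host><uptimeSeconds>3600</uptimeSeconds></report>";
        StatusReport r = (StatusReport) xs.fromXML(ok);
        System.out.println("accepted: " + r.host + " up " + r.uptimeSeconds + "s");

        // Constructed sample: the root element names a JDK type that is not on the
        // allowlist. XStream refuses to instantiate it (ForbiddenClassException,
        // a subclass of XStreamException) before any constructor or converter runs.
        String unexpected = "<java.util.Date>0</java.util.Date>";
        try {
            xs.fromXML(unexpected);
            System.out.println("BUG: unexpected type was deserialized");
        } catch (XStreamException e) {
            System.out.println("rejected by allowlist: " + e.getClass().getSimpleName());
        }

        // Constructed sample: a document carrying a DOCTYPE is rejected by the parser
        // before any entity declaration inside it can be resolved.
        DocumentBuilder db = hardenedParserFactory().newDocumentBuilder();
        String withDoctype = "<!DOCTYPE r [<!ENTITY e \"x\">]><r>&e;</r>";
        try {
            db.parse(new InputSource(new StringReader(withDoctype)));
            System.out.println("BUG: DOCTYPE was accepted");
        } catch (SAXException e) {
            System.out.println("rejected DOCTYPE: " + e.getMessage());
        }
    }
}
```

The allowlist approach matters more than the XStream version: even after upgrading to a release with a restrictive default, declaring the accepted types explicitly documents what the endpoint is supposed to receive and survives a later library change. For the parser, check the features against the concrete JAXP implementation on the appliance's classpath, since a non-Xerces parser may throw ParserConfigurationException for a feature it does not know; that exception should fail closed rather than fall back to a default factory.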