VMware Cloud Foundation update fixes Critical RCE vulnerability (CVE-2021-39144) with published exploit code

VMware has released a security update for VMware Cloud Foundation that fixes a Critical RCE vulnerability via XStream (CVE-2021-39144) and another Moderate severity XXE issue.

According to the VMware update VMSA-2022-0027, the remote code execution (RCE) vulnerability (CVE-2021-39144) is due to an “unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V).”

As a result, a malicious actor could get remote code execution in the context of ‘root’ on the appliance.

On October 27, 2022, VMware confirmed that exploit code leveraging CVE-2021-39144 against VCF (NSX-V) had been published and rated the vulnerability ‘Critical’ (CVSS 9.8).

Administrators should remediate affected systems by applying the NSX-V 6.4.14 patch to VMware Cloud Foundation 3.x (KB 89809).

VMware also addressed a Moderate-severity XML External Entity (XXE) vulnerability, CVE-2022-31678 (CVSS 5.3), in VMware Cloud Foundation.