VMware fixes critical RCE in VMware Cloud Foundation

VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144.

VMware has released security updates to address a critical vulnerability, tracked as CVE-2021-39144 (CVSSv3 9.8), in VMware Cloud Foundation. VMware Cloud Foundation™ is the industry’s most advanced hybrid cloud platform. It provides a complete set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps—traditional or containerized —in private or public environments.

The remote code execution vulnerability resides in the XStream open-source library. Unauthenticated attackers can exploit the vulnerability in low-complexity attacks without user interaction.

“Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of ‘root’ on the appliance.” reads the advisory published by the company.

The product team has also released patches for end-of-life products due to the severity of the vulnerability.

The virtualization giant also addressed an XML External Entity (XXE) vulnerability tracked as CVE-2022-31678 (CVSSv3 5.3.). An unauthenticated user may exploit this issue to cause a denial-of-service condition or unintended information disclosure.

Both flaws were reported by researchers Sina Kheirkhah and Steven Seeley from Source Incite.

VMware also published separate guidance to upgrade NSX-V 6.4.14 appliances on VMware Cloud Foundation 3.x.

Below is the step-by-step workaround procedure:

Step 1: Perform below steps on each VMware NSX-V instance deployed in your VMware Cloud Foundation environment

Apply the NSX-v 6.4.14 patch available at the Product Patch page to all NSX-V instances (Management & VI Domain) in the environment.

Step 2: Perform below steps on each SDDC Manager VM deployed in your Cloud Foundation environment

Login to SDDC manager Virtual Machine via SSH and sudo to root account
Verify the NSX-V version on the inventory
API to update NSX-v hot patch version: 6.4.14-20609341
Verify the NSX-V Version

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, VMWare)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.