[MART] - Daily Diary #619 - VMWare NSX Data Center for vSphere (NSX-V) RCE Exploit Published

[ctas-mat at appgate.com]

Hello,

I hope everyone is doing well!

Below is the entry for today.

10/31/2022 - Diary entry #619:

Recently, a proof of concept was published targeting a critical remote code execution (RCE) vulnerability in the VMWare NSX Data Center for vSphere (NSX-V), a network virtualization solution.

Tracked as CVE-2021-39144 (with a CVSS score of 9.8), a malicious actor can achieve remote code execution by exploiting a vulnerability in the XStream open-source library that relies on the deserialization of untrusted data. The XStream is a library to serialize objects to XML and back again.

VMWare released today an advisory warning that an exploit code leveraging CVE-2021-39144 has been published. The PoC was released in a blog post (https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html) explaining the vulnerability in depth and demonstrating the RCE.

To remediate the impact of the vulnerability after the exploit was published, VMWare made a patch available and now urges its customers to upgrade their appliances to the latest release.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



MART

Malware Analysis and Research Team
Appgate

E: ctas-mat at appgate.com<mailto:ctas-mat at appgate.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20221101/f4e4110d/attachment.htm>