[MART] - Daily Diary #619 - VMware NSX Data Center for vSphere (NSX-V) RCE Exploit Published
ctas-mat at appgate.com
Tue Nov 1 00:55:57 UTC 2022
Hello,
I hope everyone is doing well!
Below is the entry for today.
10/31/2022 - Diary entry #619:
Recently, a proof of concept was published targeting a critical remote code execution (RCE) vulnerability in VMware NSX Data Center for vSphere (NSX-V), a network virtualization solution.
The vulnerability is tracked as CVE-2021-39144 (with a CVSS score of 9.8). A malicious actor can achieve remote code execution by exploiting a vulnerability in the XStream open-source library that relies on the deserialization of untrusted data. XStream is a library to serialize objects to XML and back again.
VMware today released an advisory warning that exploit code leveraging CVE-2021-39144 has been published. The PoC was released in a blog post (https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html) explaining the vulnerability in depth and demonstrating the RCE.
To remediate the impact of the vulnerability after the exploit was published, VMware made a patch available and now urges its customers to upgrade their appliances to the latest release.
Kind Regards,
MART
Malware Analysis and Research Team
Appgate
E: ctas-mat at appgate.com