<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof ContentPasted0">

Hello,

<div><br class="ContentPasted0">

</div>

<div class="ContentPasted0">I hope everyone is doing well!</div>

<div><br class="ContentPasted0">

</div>

<div class="ContentPasted0">Below is the entry for today.</div>

<div><br class="ContentPasted0">

</div>

<div class="ContentPasted0">10/31/2022 - Diary entry #619:</div>

<div><br class="ContentPasted0">

</div>

<blockquote style="margin-top:0;margin-bottom:0">

<div class="ContentPasted0 ContentPasted1">Recently, a proof of concept was published targeting a critical remote code execution (RCE) vulnerability in the VMWare NSX Data Center for vSphere (NSX-V), a network virtualization solution.

<div><br class="ContentPasted1">

</div>

<div class="ContentPasted1">Tracked as CVE-2021-39144 (with a CVSS score of 9.8), a malicious actor can achieve remote code execution by exploiting a vulnerability in the XStream open-source library that relies on the deserialization of untrusted data. The

 XStream is a library to serialize objects to XML and back again.</div>

<div><br class="ContentPasted1">

</div>

<div class="ContentPasted1 ContentPasted2">VMWare released today an advisory warning that an exploit code leveraging CVE-2021-39144 has been published. The PoC was released in a blog post (<a href="https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html" id="LPNoLPOWALinkPreview">https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html</a>)

 explaining the vulnerability in depth and demonstrating the RCE.</div>

<div class="_Entity _EType_OWALinkPreview _EId_OWALinkPreview _EReadonly_1"></div>

</div>

<div class="ContentPasted0 ContentPasted1">

<div><br class="ContentPasted1">

</div>

To remediate the impact of the vulnerability after the exploit was published, VMWare made a patch available and now urges its customers to upgrade their appliances to the latest release.<br>

</div>

</blockquote>

<div><br class="ContentPasted0">

</div>

Kind Regards,<br>

</div>

<div class="elementToProof">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div id="Signature">

<div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<table style="font-size:medium; font-family:"Times New Roman"">

<tbody>

<tr>

<td style="width:180px" align="left">

<table width="120" align="left">

<tbody>

<tr>

<td colspan="3" align="center"><a href="https://www.appgate.com/" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="120" height="30" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png"></a></td>

</tr>

<tr>

<td colspan="3" align="center"> </td>

</tr>

<tr>

<td width="37%" align="center"><a href="https://www.linkedin.com/company/appgate-security/" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="18" height="18" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png"></a></td>

<td width="28%"><a href="https://twitter.com/AppgateSecurity" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="20" height="18" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png"></a></td>

<td width="35%"><a href="https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="width: 26px; height: 18px; max-width: initial;" width="26" height="18" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png"></a></td>

</tr>

</tbody>

</table>

<p style="margin-top:0px; margin-bottom:0px"> </p>

</td>

<td colspan="2" rowspan="2" style="width:350px">

<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">

<strong>MART</strong><br>

</p>

<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">

Malware Analysis and Research Team<br>

<strong>Appgate</strong></p>

<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">

E:<span style="margin:0px"> <a href="mailto:ctas-mat@appgate.com" title="mailto:ctas-mat@appgate.com">

ctas-mat@appgate.com</a></span><br>

</p>

<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">

<br>

<span style="margin:0px; background-color:white"></span></p>

</td>

</tr>

</tbody>

</table>

<br>

</div>

</div>

</div>

</div>

</body>

</html>