VMware has recently revealed a series of vulnerabilities within its NSX product line that have the potential to allow attackers to gain root access. These vulnerabilities, known as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, impact both VMware NSX and VMware Cloud Foundation.
The Broadcom report, specifically advisory VMSA-2024-0020, which was initially released on October 9, 2024, highlights the moderate severity of these vulnerabilities. The CVSSv3 base score for these issues ranges from 4.3 to 6.7, indicating the potential risk they pose to affected systems.
The impacted products include VMware NSX and VMware Cloud Foundation. These products play vital roles in enterprise environments, providing essential network virtualization and security services. As such, any vulnerabilities within these products can have wide-reaching implications for organizations relying on them for their network infrastructure.
One of the vulnerabilities, known as the Command Injection Vulnerability (CVE-2024-38817), involves command injection within VMware NSX. This vulnerability allows a malicious actor to access the NSX Edge CLI terminal and execute arbitrary commands on the operating system as root. With a maximum CVSSv3 base score of 6.7, this vulnerability is significant and should be addressed promptly by updating to version 4.2.1 for NSX and version 3.2.4.1 for NSX-T.
Another vulnerability, the Local Privilege Escalation Vulnerability (CVE-2024-38818), enables an authenticated malicious actor to escalate privileges and obtain permissions from a separate group role than previously assigned. This vulnerability also carries a maximum CVSSv3 base score of 6.7. To mitigate this risk, users of affected products should update to version 4.2.1 for NSX and apply an asynchronous patch for Cloud Foundation.
The Content Spoofing Vulnerability (CVE-2024-38815) allows an unauthenticated attacker to craft a URL that redirects victims to an attacker-controlled domain, potentially leading to sensitive information disclosure. This vulnerability has a CVSSv3 base score of 4.3, highlighting the importance of addressing it promptly to prevent potential exploitation.
VMware’s recent advisory emphasizes the importance of timely updates and patches to maintain strong cybersecurity defenses. Organizations utilizing affected VMware products are strongly advised to apply the recommended updates promptly to reduce the risks associated with these vulnerabilities and safeguard their network infrastructure.
In conclusion, staying informed about potential vulnerabilities and promptly addressing them through updates and patches is crucial for organizations to enhance their cybersecurity posture and protect their critical systems and data from malicious actors.