VMware patches vulnerability with 9.8/10 severity rating in Cloud Foundation

Getty Images

Exploit code was launched this week for a just-patched vulnerability in VMware Cloud Foundation and NSX Manager home equipment that permits hackers with no authentication to execute malicious code with the very best system privileges.

VMware patched the vulnerability, tracked as CVE-2021-39144, on Tuesday and issued it a severity rating of 9.8 out of a doable 10. The vulnerability, which resides in the XStream open supply library that Cloud Foundation and NSX Manager depend on, posed a lot danger that VMware took the bizarre step of patching variations that had been not supported. The vulnerability impacts Cloud Foundation variations 3.11, and decrease. Versions 4.x aren’t in danger.

“VMware Cloud Foundation contains a remote code execution vulnerability via XStream open source library,” the corporate’s advisory, printed Tuesday, learn. “Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of ‘root’ on the appliance.”


The vulnerability was found by Sina Kheirkhah and Steven Seeley of safety agency Source Incite. At the identical time VMware disclosed and patched the vulnerability, Kheirkhah printed their very own advisory, which included the next proof-of-concept exploit.

“In XStream <= 1.4.18 there is a deserialization of untrusted data and is tracked as CVE-2021-39144," Kheirkhah wrote. "VMWare NSX Manager uses the package xstream-1.4.18.jar so it is vulnerable to this deserialization vulnerability. All we need to do is find an endpoint that is reachable from an unauthenticated context to trigger the vulnerability. I found an authenticated case but upon showing Steven, he found another location in the /home/secureall/secureall/sem/WEB-INF/spring/security-config.xml configuration. This particular endpoint is pre-authenticated due to the use of isAnonymous."

“isAnonymous” is a Boolean perform that signifies a specific account is nameless.

With exploit code obtainable, a vulnerability of this severity is prone to pose a severe risk to many organizations. Anyone utilizing an affected equipment ought to prioritize patching as quickly as doable. Organizations that may’t instantly patch can apply this non permanent workaround.


Please enter your comment!
Please enter your name here

Popular Posts

Together At Last: Titans Promises a Tighter Team and Darker Foes

The Titans have confronted interdimensional demons, assassins and a famously fearsome psychiatrist, however are they ready for what’s coming subsequent? HBO Max’s Titans returns...

Tweet Saying Nets ‘Formally Released Kyrie Irving’ Is Satire

Claim: The Brooklyn Nets launched Kyrie Irving from the NBA crew on Nov. 3, 2022. Rating: On Nov. 3,...

Data intelligence platform Alation bucks economic tendencies, raises $123M

Join us on November 9 to learn to efficiently innovate and obtain effectivity by upskilling and scaling citizen builders on the Low-Code/No-Code Summit. Register...

Medieval II Kingdoms expansion release date revealed

If you’ve been itching for extra Total War gameplay, we’ve received one thing for you. Feral Interactive has lastly revealed the Total War:...