Cyber Security News

Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access

VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow attackers to gain root access.

The vulnerabilities, identified as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, affect both VMware NSX and VMware Cloud Foundation.

According to the Broadcom report, the advisory, VMSA-2024-0020, was initially published on October 9, 2024, and highlights the moderate severity of these issues with a CVSSv3 base score ranging from 4.3 to 6.7.

Impacted Products

The vulnerabilities impact the following products:

  • VMware NSX
  • VMware Cloud Foundation

These products are critical components in many enterprise environments, providing network virtualization and security services.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Detailed Analysis of Vulnerabilities

Command Injection Vulnerability (CVE-2024-38817)

This vulnerability, CVE-2024-38817, involves command injection within VMware NSX. It allows a malicious actor to access the NSX Edge CLI terminal and execute arbitrary commands on the operating system as root.

This issue has a maximum CVSSv3 base score of 6.7. The vulnerability can be remediated by updating to version 4.2.1 for NSX and version 3.2.4.1 for NSX-T.

Local Privilege Escalation Vulnerability (CVE-2024-38818)

This vulnerability, CVE-2024-38818, allows an authenticated malicious actor to escalate privileges and obtain permissions from a separate group role than previously assigned. It also carries a maximum CVSSv3 base score of 6.7.

To address this vulnerability, users should update to version 4.2.1 for NSX, while Cloud Foundation users should apply an asynchronous patch.

Content Spoofing Vulnerability (CVE-2024-38815)

This vulnerability, CVE-2024-38815, allows an unauthenticated attacker to craft a URL that redirects victims to an attacker-controlled domain, potentially leading to sensitive information disclosure. It has a CVSSv3 base score of 4.3.

VMware’s recent advisory underscores the importance of timely updates and patches in maintaining cybersecurity defenses.

Organizations using affected VMware products are urged to apply the recommended updates promptly to mitigate potential risks associated with these vulnerabilities.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property. Unfortunately,…

14 hours ago

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024…

15 hours ago

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's inception.…

15 hours ago

FTC Slams GoDaddy For Not Implement Standard Security Practices Following Major Breaches

The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to develop…

15 hours ago

Thousands of PHP-based Web Applications Exploited to Deploy Malware

A significant cybersecurity threat has emerged, threatening the integrity of thousands of PHP-based web applications.…

16 hours ago

W3 Total Cache Plugin Vulnerability Let Attackers Gain Unauthorized Access to Sensitive Data

A significant security vulnerability has been identified in the W3 Total Cache plugin for WordPress,…

18 hours ago