VMware NSX Edge update addresses CLI shell injection vulnerability (CVE-2022-22945)

A CLI shell injection vulnerability affecting VMware NSX Edge was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products. VMware has evaluated the severity of this issue to be in the Important severity range, with a maximum CVSSv3 base score of 8.8.

The NSX Edge Services Gateway (ESG) gives you access to all NSX Edge services, such as firewall, NAT, DHCP, VPN, load balancing, and high availability. You can install multiple ESG virtual appliances in a data center. Firewall rules and other NSX Edge services are enforced on traffic between network interfaces.

Known Attack Vectors: A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.

Resolution

To remediate CVE-2022-22945, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware NSX Edge | Any | Any | CVE-2022-22945 | 8.8 | Important | 6.4.13 | None | None |

Downloads and Documentation

Kindly refer to the following links for the available downloads and necessary documentation.
– https://customerconnect.vmware.com/en/downloads/details?downloadGroup=NSXV_6413&productId=417&rPId=84646
– https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/rn/VMware-NSX-Data-Center-for-vSphere-6413-Release-Notes.html
