A CLI shell injection vulnerability affecting VMware NSX Edge was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8. The ESG gives you access to all NSX Edge services such as firewall, NAT, DHCP, VPN, load balancing, and high availability. You can install multiple ESG virtual appliances in a data center. Firewall rules and other NSX Edge services are enforced on traffic between network interfaces.
Known Attack Vectors: A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.Resolution
To remediate CVE-2022-22945 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| VMware NSX Edge | Any | Any | CVE-2022-22945 | 8.8 | Important | 6.4.13 | None | None |
Downloads and Documentation
Kindly refer to the following links for the available downloads and necessary documentation.
– https://customerconnect.vmware.com/en/downloads/details?downloadGroup=NSXV_6413&productId=417&rPId=84646
– https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/rn/VMware-NSX-Data-Center-for-vSphere-6413-Release-Notes.html