Table of Contents
  • Home
  • /
  • Blog
  • /
  • How to Fix CVE-2021-39144- A Critical RCE Vulnerability in VMware Cloud Foundation
October 31, 2022
|
6m

How to Fix CVE-2021-39144- A Critical RCE Vulnerability in VMware Cloud Foundation


How To Fix Cve 2021 39144 A Critical Rce Vulnerability In Vmware Cloud Foundation

VMWare published an advisory on 25th Oct 2022 in which it disclosed two vulnerabilities in VMware Cloud Foundation. The flaw tracked as CVE-2022-31678 is rated Critical with a CVSS score of 9.8, and another one which is tracked under the identifier CVE-2021-39144 is rated Moderate in severity with a CVSS score of 5.3 respectively. As per the report, attackers could abuse these vulnerabilities to carry out remote code execution and XML External Entity (XXE) attacks on vulnerable VMware Cloud Foundation. Considering the severity of the flaws, it is highly recommended that all organizations should work on patching the flaws on their VMWare Cloud Foundation. We have created this post to help you know how to fix CVE-2021-39144, a critical RCE vulnerability in VMware Cloud Foundation.

A Short Introduction About VMware Cloud Foundation

VMware Cloud Foundation is a complete cloud infrastructure platform that bundles computing, storage, networking, security, and cloud management into a single integrated stack. By running on industry-standard hardware, it delivers the agility and efficiency of the public cloud without sacrificing the security and control of on-premise data centers.

In addition to providing a unified platform for private, hybrid, and public clouds, VMware Cloud Foundation also enables customers to take advantage of new services and capabilities from VMware as they become available. This includes features such as NSX networking and security, vSAN storage, and vRealize management and automation.

VMware Cloud Foundation is an ideal platform for organizations that are looking to build private, hybrid, or public clouds. It provides a unified platform that can be easily deployed and managed while still giving customers the flexibility to choose the right mix of computing, storage, networking, and security for their needs. If youre interested in learning more about VMware Cloud Foundation, be sure to check out our other resources.

A Short Introduction About VMware Cloud Foundation NSX

VMware Cloud Foundation is a cloud infrastructure platform that integrates and automates VMware vSphere, vSAN, NSX, and SDDC Manager into a single platform. This unified software-defined data center (SDDC) stack reduces operational complexity and provides a more efficient way to run your IT workloads.

NSX is the network virtualization platform for the SDDC. It enables you to create, manage, and grow your network without the need for physical hardware. NSX provides a complete set of networking and security features that are essential for running todays modern applications in the cloud.

The integration of NSX into VMware Cloud Foundation makes it easy to deploy and operate a consistent, secure, and efficient SDDC infrastructure. NSX provides the network virtualization capabilities that are needed to support the multi-tenant, hybrid cloud environments of tomorrow.

VMware Cloud Foundation NSX is the perfect solution for businesses that are looking to simplify their IT infrastructure and reduce operational costs. It is a complete SDDC platform that enables you to quickly deploy and manage your workloads in the cloud.

Summary of CVE-2021-39144

This is a remote code execution vulnerability in VMware Cloud Foundation (NSX-V). This vulnerability is rated critical and assigned a CVSS score of 9.8 out of 10 and is due to a lack of input tantalization in VMware Cloud Foundation (NSX-V). It allows an unauthenticated, remote attacker to exploit these vulnerabilities and execute arbitrary code on vulnerable devices. 

Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of root on the appliance.


-VMWare

Summary of CVE-2022-31678

This is an XML External Entity (XXE) vulnerability in VMware Cloud Foundation (NSX-V). This vulnerability is rated moderate and assigned a CVSS score of 5.3 out of 10 and is due to a lack of input tantalization in VMware Cloud Foundation (NSX-V). It allows an unauthenticated, remote attacker to exploit these vulnerabilities and creates a denial-of-service-like condition or unintended information disclosure. 

An unauthenticated user may exploit this issue leading to a denial-of-service condition or unintended information disclosure.

-VMWare

VMware Cloud Foundation Versions Affected by The Vulnerabilities

As per the KB published by VMware, all versions for VMware NSX Data Center for vSphere (NSX-V) before NSX-V 6.4.14 appliances and all the VMware Cloud Foundation(VCF) 3.x versions are affected by both vulnerabilities. 

  • VMware NSX Data Center for vSphere (NSX-V) less than NSX-V 6.4.14

  • VMware Cloud Foundation(VCF) 3.x

How to Fix CVE-2021-39144- A Critical RCE Vulnerability in VMware Cloud Foundation?

VMWare has released patches (NSX-v hot patch version: 6.4.14-20609341) to address these vulnerabilities. Please apply the patches for the version prior to VCF 3.9.1. if you are running a version VCF 3.9.1 and above or not in a position to apply the patch, you should look out for a workaround published on the same page. 

VMware Cloud Foundation VersionsUpgrade Options
Prior to VCF 3.9.1Upgrade to 3.11.0.1 or later and apply the steps in the workaround section of this article.
VCF 3.9.1 and aboveApply the steps in the Workaround section of this article.

How to Fix CVE-2021-39144?



Follow these processes to fix the flaws.

  1. Apply the patches on each VMware NSX-V instance

    Download the patches from the Product Patch page and apply on each VMware NSX-V instance deployed in your VMware Cloud Foundation environment.

  2. Login to VMs in SDDC manager

    Log in to each VM in the SDDC manager via SSH and sudo to the root account.

  3. Check the version and ID of NSX-V

    Run this command in the CLI of the NSX to display the version and ID. Make a note of version and ID.

    # curl localhost/inventory/nsxmanagers | json_pp

  4. Apply the patch

    Run this API command to update NSX-v hot patch version: 6.4.14-20609341.

    root@sddc-manager [ /home/vcf ]# curl -X PATCH localhost/inventory/entities/<<NSX-v ID>> -d {version:6.4.14-20609341, type:NSXMANAGER} -H Content-Type:application/json

  5. Check the version on NSX-V again

    Run this command to check the version of NSX-V.

    root@sddc-manager [ /home/vcf ]# curl localhost/inventory/nsxmanagers | json_pp

These steps need to be repeated for every new VI workload domain that is created.

Wrap Up

The flaw stems from an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V). Fixing this vulnerability requires an upgrade to the latest version, 6.4.14-20609341. We hope this post will help you know how to fix CVE-2021-39144, a critical RCE vulnerability in VMware Cloud Foundation. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this. 

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe