VMware published an advisory on 25th Oct 2022 disclosing two vulnerabilities in VMware Cloud Foundation. The flaw tracked as CVE-2021-39144 is rated Critical with a CVSS score of 9.8, and the second, tracked as CVE-2022-31678, is rated Moderate with a CVSS score of 5.3. As per the advisory, attackers could abuse these vulnerabilities to carry out remote code execution and XML External Entity (XXE) attacks against vulnerable VMware Cloud Foundation deployments. Considering the severity of the flaws, it is highly recommended that all organizations patch their VMware Cloud Foundation. We have created this post to help you know how to fix CVE-2021-39144, a critical RCE vulnerability in VMware Cloud Foundation.
VMware Cloud Foundation is a complete cloud infrastructure platform that bundles computing, storage, networking, security, and cloud management into a single integrated stack. By running on industry-standard hardware, it delivers the agility and efficiency of the public cloud without sacrificing the security and control of on-premise data centers.
In addition to providing a unified platform for private, hybrid, and public clouds, VMware Cloud Foundation also enables customers to take advantage of new services and capabilities from VMware as they become available. This includes features such as NSX networking and security, vSAN storage, and vRealize management and automation.
VMware Cloud Foundation is an ideal platform for organizations that are looking to build private, hybrid, or public clouds. It provides a unified platform that can be easily deployed and managed while still giving customers the flexibility to choose the right mix of computing, storage, networking, and security for their needs. If you’re interested in learning more about VMware Cloud Foundation, be sure to check out our other resources.
VMware Cloud Foundation is a cloud infrastructure platform that integrates and automates VMware vSphere, vSAN, NSX, and SDDC Manager into a single platform. This unified software-defined data center (SDDC) stack reduces operational complexity and provides a more efficient way to run your IT workloads.
NSX is the network virtualization platform for the SDDC. It enables you to create, manage, and grow your network without the need for physical hardware. NSX provides a complete set of networking and security features that are essential for running today’s modern applications in the cloud.
The integration of NSX into VMware Cloud Foundation makes it easy to deploy and operate a consistent, secure, and efficient SDDC infrastructure. NSX provides the network virtualization capabilities that are needed to support the multi-tenant, hybrid cloud environments of tomorrow.
VMware Cloud Foundation NSX is the perfect solution for businesses that are looking to simplify their IT infrastructure and reduce operational costs. It is a complete SDDC platform that enables you to quickly deploy and manage your workloads in the cloud.
CVE-2021-39144 is a remote code execution vulnerability in VMware Cloud Foundation (NSX-V). It is rated Critical with a CVSS score of 9.8 out of 10 and stems from a lack of input sanitization in the NSX-V component of VMware Cloud Foundation. An unauthenticated, remote attacker can exploit it to execute arbitrary code on vulnerable appliances.
“Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of ‘root’ on the appliance.”
-VMware
CVE-2022-31678 is an XML External Entity (XXE) vulnerability in VMware Cloud Foundation (NSX-V). It is rated Moderate with a CVSS score of 5.3 out of 10 and likewise stems from a lack of input sanitization in the NSX-V component. An unauthenticated, remote attacker can exploit it to cause a denial-of-service condition or unintended information disclosure.
“An unauthenticated user may exploit this issue leading to a denial-of-service condition or unintended information disclosure.“
-VMware
As per the KB published by VMware, all VMware NSX Data Center for vSphere (NSX-V) appliance versions before NSX-V 6.4.14 and all VMware Cloud Foundation (VCF) 3.x versions are affected by both vulnerabilities.
VMware NSX Data Center for vSphere (NSX-V) earlier than NSX-V 6.4.14
VMware Cloud Foundation (VCF) 3.x
VMware has released a patch (NSX-V hot patch version 6.4.14-20609341) to address these vulnerabilities. If you are running a VCF version prior to 3.9.1, upgrade first and then apply the patch steps below. If you are running VCF 3.9.1 or above, or are not in a position to apply the patch, follow the workaround published on the same KB page.
| VMware Cloud Foundation Versions | Upgrade Options |
| --- | --- |
| Prior to VCF 3.9.1 | Upgrade to 3.11.0.1 or later and apply the steps in the workaround section of this article. |
| VCF 3.9.1 and above | Apply the steps in the workaround section of this article. |
Follow these processes to fix the flaws.
Apply the patches on each VMware NSX-V instance
Download the patches from the Product Patch page and apply on each VMware NSX-V instance deployed in your VMware Cloud Foundation environment.
Login to VMs in SDDC manager
Log in to each VM in the SDDC manager via SSH and sudo to the root account.
Check the version and ID of NSX-V
Run this command to display the version and ID of each NSX-V manager in the inventory. Make a note of both values; the ID is needed for the PATCH call in the next step.
# curl localhost/inventory/nsxmanagers | json_pp
Apply the patch
Run this API call to update the NSX-V manager entry to hot patch version 6.4.14-20609341, replacing <<NSX-v ID>> with the ID noted in the previous step.
root@sddc-manager [ /home/vcf ]# curl -X PATCH 'localhost/inventory/entities/<<NSX-v ID>>' -d '{"version":"6.4.14-20609341", "type":"NSXMANAGER"}' -H 'Content-Type:application/json'
Check the version on NSX-V again
Run this command again to confirm that the NSX-V version now reads 6.4.14-20609341.
root@sddc-manager [ /home/vcf ]# curl localhost/inventory/nsxmanagers | json_pp
These steps need to be repeated for every new VI workload domain that is created.
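The steps above are typed by hand on SDDC Manager and must be repeated per NSX-V instance and per new VI workload domain, so it helps to have a dry-run script that reads the inventory, picks out every manager still older than the hot patch build, and prints the exact PATCH call for review before anything is changed. The following script is an added example, not code from the original post or from VMware. It assumes the json_pp output of the inventory endpoint carries one key per line with "id", "type" and "version" fields (the real schema is not shown on the page), and the sample inventory, its IDs and the 6.4.13 build number are constructed for illustration; the function names version_lt, patch_body, patch_command, unpatched_from_inventory and plan_patches are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from VMware): dry-run helper for
# the patch procedure. It reads the json_pp output of
# "curl localhost/inventory/nsxmanagers", lists every NSX manager entry whose
# version is older than the hot patch build, and prints the PATCH call for each
# instead of executing it, so an operator can review before applying.
# Assumption: one JSON key per line with "id", "type" and "version" fields.

TARGET_VERSION="6.4.14-20609341"   # hot patch build named in the advisory

# version_lt A B: exit 0 when A is strictly older than B.
# Versions look like X.Y.Z[-BUILD]; a missing BUILD counts as 0.
version_lt() {
  a_base="${1%%-*}"; b_base="${2%%-*}"
  a_build="${1#*-}";  b_build="${2#*-}"
  [ "$a_build" = "$1" ] && a_build=0
  [ "$b_build" = "$2" ] && b_build=0
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s' "$a_base" | cut -d. -f"$i")
    y=$(printf '%s' "$b_base" | cut -d. -f"$i")
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
    i=$((i + 1))
  done
  [ "$a_build" -lt "$b_build" ]
}

# Body of the PATCH request, identical to the one in the procedure above.
patch_body() {
  printf '{"version":"%s", "type":"NSXMANAGER"}' "$TARGET_VERSION"
}

# The curl call for one manager ID, printed rather than run (dry run).
patch_command() {
  printf "curl -X PATCH 'localhost/inventory/entities/%s' -d '%s' -H 'Content-Type:application/json'\n" \
    "$1" "$(patch_body)"
}

# Reads json_pp output on stdin; prints "<id> <version>" for each entry whose
# version is older than TARGET_VERSION. json_pp sorts keys alphabetically, so
# "id" precedes "version" within each object.
unpatched_from_inventory() {
  id=""; ver=""
  while IFS= read -r line; do
    case "$line" in
      *'"id"'*)      id=$(printf '%s' "$line" | sed 's/.*"id" *: *"\([^"]*\)".*/\1/') ;;
      *'"version"'*) ver=$(printf '%s' "$line" | sed 's/.*"version" *: *"\([^"]*\)".*/\1/') ;;
    esac
    if [ -n "$id" ] && [ -n "$ver" ]; then
      if version_lt "$ver" "$TARGET_VERSION"; then
        printf '%s %s\n' "$id" "$ver"
      fi
      id=""; ver=""
    fi
  done
}

# Constructed sample inventory (the IDs and the 6.4.13 build number are made up).
SAMPLE_INVENTORY='{
   "elements" : [
      {
         "id" : "nsx-mgr-0001",
         "type" : "NSXMANAGER",
         "version" : "6.4.13-12345678"
      },
      {
         "id" : "nsx-mgr-0002",
         "type" : "NSXMANAGER",
         "version" : "6.4.14-20609341"
      }
   ]
}'

# Print the PATCH command for every manager still behind the hot patch.
# On a real SDDC Manager, feed it live data instead of the sample:
#   curl -s localhost/inventory/nsxmanagers | json_pp | plan_patches
plan_patches() {
  unpatched_from_inventory | while read -r id ver; do
    echo "# $id is at $ver, needs $TARGET_VERSION"
    patch_command "$id"
  done
}

printf '%s\n' "$SAMPLE_INVENTORY" | plan_patches
```

Run as-is, the script prints one commented line and one PATCH call for nsx-mgr-0001 and nothing for the already-patched nsx-mgr-0002. Keeping the comparison in a function is deliberate: the same check can be re-run after the PATCH (mirroring the "check the version again" step) and it treats a bare 6.4.14 without the build suffix as still unpatched, which a plain string match would miss.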
The flaw stems from an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V). Fixing it requires updating NSX-V to hot patch version 6.4.14-20609341 on every instance, and repeating the steps for each new VI workload domain. We hope this post will help you know how to fix CVE-2021-39144, a critical RCE vulnerability in VMware Cloud Foundation.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.