1 min read

CISA Adds Additional VMware Security Flaw to Known Exploited Vulnerabilities Catalog

CISA Adds Additional VMware Security Flaw to Known Exploited Vulnerabilities Catalog

CVE-2021-39144 – VMware Cloud Foundation XStream Remote Code Execution Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added another VMware vulnerability (CVE-2021-39144) to their growing list of vulnerabilities that they have observed threat actors exploiting in the wild. Exploitation only requires network access to the NSX-v Manager appliance, and successful exploitation will give root privileges (full control) of the NSX-v Manager. This exploit is lower complexity with available POC code, and vulnerable systems only need to be network accessible to any compromised machines, or web accessible, with no additional requirements such as valid credentials.

All versions of VMware NSX Data Center for vSphere (NSX-v) Manager 6.4.14 are affected by the vulnerability. Because these are observed being actively exploited, it is important to ensure that relevant VMware products are fully patched. Additional information is available in the VMware article linked below. Proof of concept (POC) code is currently available, giving both security professionals and threat actors easy methods to find vulnerable systems. The NIST link below has references to available exploit code.

CVE-2021-39144 Mitigation

  • If leveraging VMware Cloud Foundation, ensure that it is fully patched.
  • Proper documentation of critical and sensitive infrastructure products to quickly identify potentially vulnerable systems.
  • Network segmentation and limited accessibility to VMware/critical infrastructure should be enforced and periodically reviewed.

References

Disclaimer

The information provided in this article is provided “as-is.” It is not finally evaluated intelligence and should be considered raw information that is provided for strictly situational awareness, given what is known at this time.

I (don't) like to MOVEit MOVEit

5 min read

I (don't) like to MOVEit MOVEit

PacketWatch was made aware this morning of a critical vulnerability being actively exploited with a file transfer software MOVEit, from the company...

Read More
Acropalypse Now: New Bug and Zero-Day Discovered in Multiple Image Editing Products

3 min read

Acropalypse Now: New Bug and Zero-Day Discovered in Multiple Image Editing Products

Bottom Line Up Front (BLUF) Cropped screenshots on affected software leave behind image data that can be recovered, potentially revealing uncropped...

Read More
Critical Vulnerability in Outlook Requiring Little to No Interaction Patched by Microsoft

3 min read

Critical Vulnerability in Outlook Requiring Little to No Interaction Patched by Microsoft

Read our latest Enterprise Threat Intelligence Briefing on the Microsoft Outlook Elevation of Privilege Vulnerability, compiled by Kyle Nordby and ...

Read More