The Cybersecurity and Infrastructure Security Agency (CISA) has added another VMware vulnerability (CVE-2021-39144) to their growing list of vulnerabilities that they have observed threat actors exploiting in the wild. Exploitation only requires network access to the NSX-v Manager appliance, and successful exploitation will give root privileges (full control) of the NSX-v Manager. This exploit is lower complexity with available POC code, and vulnerable systems only need to be network accessible to any compromised machines, or web accessible, with no additional requirements such as valid credentials.
All versions of VMware NSX Data Center for vSphere (NSX-v) Manager 6.4.14 are affected by the vulnerability. Because these are observed being actively exploited, it is important to ensure that relevant VMware products are fully patched. Additional information is available in the VMware article linked below. Proof of concept (POC) code is currently available, giving both security professionals and threat actors easy methods to find vulnerable systems. The NIST link below has references to available exploit code.
Disclaimer
The information provided in this article is provided “as-is.” It is not finally evaluated intelligence and should be considered raw information that is provided for strictly situational awareness, given what is known at this time.