CISA adds VMware’s Cloud Foundation bug to Known Exploited Vulnerabilities Catalog

US CISA added an actively exploited vulnerability in VMware’s Cloud Foundation to its Known Exploited Vulnerabilities Catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware’s Cloud Foundation, tracked as CVE-2021-39144 (CVSS score: 9.8), to its Known Exploited Vulnerabilities Catalog.

The remote code execution vulnerability resides in the XStream open-source library, which VMware Cloud Foundation (NSX-V) uses to deserialize input on an unauthenticated endpoint. Unauthenticated attackers can exploit the vulnerability in low-complexity attacks without user interaction.


“Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of ‘root’ on the appliance,” reads the advisory published by the company.

The flaw was reported by Sina Kheirkhah and Steven Seeley from Source Incite.


“VMware has confirmed that exploit code leveraging CVE-2021-39144 against impacted products has been published,” states the advisory.

Due to the severity of the flaw, VMware also released security updates for some end-of-life products.

This week the virtualization giant has updated its advisory.


“Updated advisory with information that VMware has received reports of exploitation activities in the wild involving CVE-2021-39144,” reads the update.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this flaw by March 31, 2023.
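The Catalog is published as a machine-readable JSON feed (known_exploited_vulnerabilities.json on cisa.gov), so the review recommended above can be automated: match the CVEs found in your own vulnerability-scan output against the feed and compute how far each one is from its BOD 22-01 due date. The following script is an added example and is not code from the article, CISA or VMware. It works offline on a constructed sample catalog whose field names mirror the real feed; only the CVE ID and the March 31, 2023 due date come from the article, while the dateAdded value and the shortDescription wording are assumptions made for the sample.

```python
"""Triage locally observed CVEs against a copy of the CISA KEV feed.

Added example, not from the Security Affairs article. The catalog text below is a
constructed sample in the shape of CISA's known_exploited_vulnerabilities.json;
in practice you would download that file and pass its contents to load_catalog().
"""
import json
from datetime import datetime

# Constructed sample of the KEV feed. Field names match the real feed; the
# dateAdded and shortDescription values are assumptions, the dueDate is the
# March 31, 2023 deadline reported in the article.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "sample",
  "dateReleased": "2023-03-10T00:00:00.0000Z",
  "count": 1,
  "vulnerabilities": [
    {
      "cveID": "CVE-2021-39144",
      "vendorProject": "VMware",
      "product": "Cloud Foundation",
      "vulnerabilityName": "VMware Cloud Foundation Remote Code Execution Vulnerability",
      "dateAdded": "2023-03-10",
      "shortDescription": "Unauthenticated endpoint using XStream allows remote code execution as root (sample text).",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2023-03-31",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": ""
    }
  ]
}
"""


def load_catalog(text: str) -> dict:
    """Parse KEV JSON text and index its entries by upper-cased cveID."""
    data = json.loads(text)
    return {entry["cveID"].upper(): entry for entry in data["vulnerabilities"]}


def parse_day(value: str):
    """KEV dates (dateAdded, dueDate) are ISO yyyy-mm-dd strings."""
    return datetime.strptime(value, "%Y-%m-%d").date()


def days_until_due(entry: dict, today: str) -> int:
    """Days left before the BOD 22-01 due date as of `today` (yyyy-mm-dd).

    Zero means the deadline is today; a negative value means it has passed."""
    return (parse_day(entry["dueDate"]) - parse_day(today)).days


def triage(catalog: dict, inventory: list, today: str) -> list:
    """Classify each CVE observed in the environment against the catalog.

    Returns (cve_id, status, days) tuples, status being one of
    'not-in-kev' (days is None), 'due' or 'overdue'. CVE IDs are matched
    case-insensitively so scanner output in either case works."""
    results = []
    for cve_id in inventory:
        key = cve_id.strip().upper()
        entry = catalog.get(key)
        if entry is None:
            results.append((key, "not-in-kev", None))
            continue
        remaining = days_until_due(entry, today)
        results.append((key, "overdue" if remaining < 0 else "due", remaining))
    # Overdue items first, then the nearest deadlines; unlisted CVEs last.
    order = {"overdue": 0, "due": 1, "not-in-kev": 2}
    results.sort(key=lambda r: (order[r[1]], r[2] if r[2] is not None else 0))
    return results


if __name__ == "__main__":
    catalog = load_catalog(SAMPLE_KEV_JSON)
    # Constructed inventory: the CVE as a scanner might report it, lower-cased.
    for row in triage(catalog, ["cve-2021-39144"], "2023-03-20"):
        print(row)
```

Swap SAMPLE_KEV_JSON for the downloaded feed and the scanner's CVE list for the inventory, and the `overdue` rows are the ones to escalate first; `requiredAction` in each entry tells you what CISA expects (for this CVE, applying the vendor updates, which the article notes VMware also shipped for some end-of-life products).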

Pierluigi Paganini


(SecurityAffairs – hacking, VMWare)



