VMware NSX Edge update addresses CLI shell injection vulnerability (CVE-2022-22945)

Impacted Products: VMware NSX Edge

A CLI shell injection vulnerability affecting VMware NSX Edge was privately reported to VMware.
- Updates are available to address this vulnerability in affected VMware products.

- VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.

Known Attack Vectors

A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.

Resolution

To remediate CVE-2022-22945 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds: None

Response Matrix

Product	Version	Running On	CVE Identifier	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware NSX Edge	Any	Any	CVE-2022-22945	8.8	Important	6.4.13	None	None

Downloads and Documentation:
- https://customerconnect.vmware.com/en/downloads/details?downloadGroup=NSXV_6413&productId=417&rPId=84646

- https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/rn/VMware-NSX-Data-Center-for-vSphere-6413-Release-Notes.html

Page 1 / 1

@Iams3le : Thanks for sharing !

Thank you for bringing this to attention.

Impacted Products: VMware NSX Edge

Comment

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded