VMware NSX Edge update addresses CLI shell injection vulnerability (CVE-2022-22945)

  • 15 February 2022

Impacted Products: VMware NSX Edge

 

A CLI shell injection vulnerability affecting VMware NSX Edge was privately reported to VMware.
- Updates are available to address this vulnerability in affected VMware products.

- VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.

 

Known Attack Vectors

A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.

Resolution

To remediate CVE-2022-22945, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds: None

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware NSX Edge | Any | Any | CVE-2022-22945 | 8.8 | Important | 6.4.13 | None | None |

 

Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=NSXV_6413&productId=417&rPId=84646

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/rn/VMware-NSX-Data-Center-for-vSphere-6413-Release-Notes.html

 


2 comments


@Iams3le : Thanks for sharing !


Thank you for bringing this to attention.
