VMSA-2024-0020:VMware NSX updates address multiple vulnerabilities (CVE-2024-38818, CVE-2024-38817, CVE-2024-38815)

VMware Cloud Foundation

1 more products

25047

10 October 2024

09 October 2024

OPEN

MEDIUM

4.3-6.7

CVE-2024-38818, CVE-2024-38817, CVE-2024-38815

 

 
Advisory ID: VMSA-2024-0020
Advisory Severity: Moderate
CVSSv3 Range: 4.3-6.7
Synopsis: VMware NSX updates address multiple vulnerabilities (CVE-2024-38818, CVE-2024-38817, CVE-2024-38815)
Issue date: 2024-10-09
Updated on: 2024-10-09 (Initial Advisory)
CVE(s) CVE-2024-38818, CVE-2024-38817, CVE-2024-38815

 

1.Impacted Products

  • VMware NSX
  • VMware Cloud Foundation

2.Introduction

Multiple vulnerabilities in VMware NSX were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware products.

3a. VMware NSX command injection vulnerability (CVE-2024-38817) 

Description: 
VMware NSX contains a command injection vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.

Known Attack Vectors:
A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.

Resolution: 
To remediate CVE-2024-38817 update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None.

Additional Documentation:
None

Acknowledgments: 
VMware would like to thank n3k From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue to us.

Response Matrix: 

VMware Product

Version

Running On

CVE

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

NSX

4.x

Any

CVE-2024-38817

6.7

Moderate

4.2.1

None

None

NSX-T

3.x

Any

CVE-2024-38817

6.7

Moderate

3.2.4.1

None

None

Cloud Foundation (NSX) 5.x Any

CVE-2024-38817

6.7 Moderate Async Patch to 4.2.1 None Async Patching Guide: KB88287
Cloud Foundation (NSX-T) 4.x Any

CVE-2024-38817

6.7 Moderate Async Patch to 3.2.4.1 None

Async Patching Guide: KB88287

 

3b. VMware NSX local privilege escalation vulnerability (CVE-2024-38818) 

Description: 
VMware NSX contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the  Moderate severity range with a maximum CVSSv3 base score of 6.7.

Known Attack Vectors:
An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.

Resolution: 
To remediate CVE-2024-38818 update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None.

Additional Documentation:
None

Acknowledgments: 
VMware would like to thank Allan Pinto and Kumaran Ravichandran of Westpac Banking Corporation and Benjamin Johns of IQ Consult for reporting this issue to us.

 

3c. VMware NSX content spoofing vulnerability (CVE-2024-38815) 

Description: 

VMware NSX contains a content spoofing vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

Known Attack Vectors:
An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.

Resolution: 
To remediate CVE-2024-38815 update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None.

Additional Documentation:
None

Acknowledgments: 
VMware would like to thank Aymane CHAKI of Excellium Cyber Solutions by Thales for reporting this issue to us.

Response Matrix: 3b & 3c

 

VMware Product

Version

Running On

CVE

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

NSX

4.x

Any

CVE-2024-38818, CVE-2024-38815

6.74.3

Moderate

4.2.1

None

None

NSX-T

3.x

Any

CVE-2024-38818, CVE-2024-38815

6.74.3

Moderate

Not Impacted

NA

NA

Cloud Foundation (NSX) 5.x Any

CVE-2024-38818, CVE-2024-38815

6.74.3 Moderate Async Patch to 4.2.1 None None
Cloud Foundation (NSX-T) 4.x Any

CVE-2024-38818, CVE-2024-38815

6.74.3 Moderate Not Impacted NA NA

 

4. References:

Fixed Version(s) and Release Notes:

VMware NSX 4.2.1
Downloads and Documentation
ProductDownloads - Support Portal - Broadcom support portal
VMware NSX 4.2.1 Release Notes

VMware NSX 3.2.4.1
Downloads and Documentation
ProductDownloads - Support Portal - Broadcom support portal
VMware NSX 3.2.4.1 Release Notes

VMware Cloud Foundation 5.2.1
Downloads and Documentation
ProductDownloads - Support Portal - Broadcom support portal
VMware Cloud Foundation 5.2.1 Release Notes

KB Articles:
Cloud Foundation 5.x/4.x:
https://knowledge.broadcom.com/external/article?legacyId=88287

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38818

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38817

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38815

FIRST CVSSv3 Calculator:

CVE-2024-38818: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

CVE-2024-38817: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2024-38815: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5. Change Log:

2024-10-09 VMSA-2024-0020
Initial security advisory.

6. Contact:

E-mail: [email protected]

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

 

Copyright 2024 Broadcom. All rights reserved.