VMSA-2024-0020: VMware NSX updates address multiple vulnerabilities (CVE-2024-38818, CVE-2024-38817, CVE-2024-38815)
25047
10 October 2024
09 October 2024
OPEN
MEDIUM
Advisory ID: | VMSA-2024-0020 |
Advisory Severity: | Moderate |
CVSSv3 Range: | 4.3-6.7 |
Synopsis: | VMware NSX updates address multiple vulnerabilities (CVE-2024-38818, CVE-2024-38817, CVE-2024-38815) |
Issue date: | 2024-10-09 |
Updated on: | 2024-10-09 (Initial Advisory) |
CVE(s) | CVE-2024-38818, CVE-2024-38817, CVE-2024-38815 |
1. Impacted Products
- VMware NSX
- VMware Cloud Foundation
2. Introduction
Multiple vulnerabilities in VMware NSX were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware products.
3a. VMware NSX command injection vulnerability (CVE-2024-38817)
Description:
VMware NSX contains a command injection vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.
Known Attack Vectors:
A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.
Resolution:
To remediate CVE-2024-38817, update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None
Acknowledgments:
VMware would like to thank n3k From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue to us.
Response Matrix:
VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
NSX | 4.x | Any | CVE-2024-38817 | 6.7 | Moderate | None | None | |
NSX-T | 3.x | Any | CVE-2024-38817 | 6.7 | Moderate | None | None | |
Cloud Foundation (NSX) | 5.x | Any | CVE-2024-38817 | 6.7 | Moderate | Async Patch to 4.2.1 | None | Async Patching Guide: KB88287 |
Cloud Foundation (NSX-T) | 4.x | Any | CVE-2024-38817 | 6.7 | Moderate | Async Patch to 3.2.4.1 | None | Async Patching Guide: KB88287 |
3b. VMware NSX local privilege escalation vulnerability (CVE-2024-38818)
Description:
VMware NSX contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.
Known Attack Vectors:
An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.
Resolution:
To remediate CVE-2024-38818, update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None
Acknowledgments:
VMware would like to thank Allan Pinto and Kumaran Ravichandran of Westpac Banking Corporation and Benjamin Johns of IQ Consult for reporting this issue to us.
3c. VMware NSX content spoofing vulnerability (CVE-2024-38815)
Description:
VMware NSX contains a content spoofing vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.
Known Attack Vectors:
An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker-controlled domain, leading to sensitive information disclosure.
Resolution:
To remediate CVE-2024-38815, update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None
Acknowledgments:
VMware would like to thank Aymane CHAKI of Excellium Cyber Solutions by Thales for reporting this issue to us.
Response Matrix: 3b & 3c
VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
NSX | 4.x | Any | CVE-2024-38818, CVE-2024-38815 | 6.7, 4.3 | Moderate | None | None | |
NSX-T | 3.x | Any | CVE-2024-38818, CVE-2024-38815 | 6.7, 4.3 | Moderate | Not Impacted | NA | NA |
Cloud Foundation (NSX) | 5.x | Any | CVE-2024-38818, CVE-2024-38815 | 6.7, 4.3 | Moderate | Async Patch to 4.2.1 | None | None |
Cloud Foundation (NSX-T) | 4.x | Any | CVE-2024-38818, CVE-2024-38815 | 6.7, 4.3 | Moderate | Not Impacted | NA | NA |
4. References:
Fixed Version(s) and Release Notes:
VMware NSX 4.2.1
Downloads and Documentation
ProductDownloads - Support Portal - Broadcom support portal
VMware NSX 4.2.1 Release Notes
VMware NSX 3.2.4.1
Downloads and Documentation
ProductDownloads - Support Portal - Broadcom support portal
VMware NSX 3.2.4.1 Release Notes
VMware Cloud Foundation 5.2.1
Downloads and Documentation
ProductDownloads - Support Portal - Broadcom support portal
VMware Cloud Foundation 5.2.1 Release Notes
KB Articles:
Cloud Foundation 5.x/4.x:
https://knowledge.broadcom.com/external/article?legacyId=88287
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38815
FIRST CVSSv3 Calculator:
CVE-2024-38818: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
CVE-2024-38817: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2024-38815: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
5. Change Log:
2024-10-09 VMSA-2024-0020
Initial security advisory.
6. Contact:
E-mail: [email protected]
PGP key
https://knowledge.broadcom.com/external/article/321551
VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories
VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response
VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle
VMware Security Blog
https://blogs.vmware.com/security
Copyright 2024 Broadcom. All rights reserved.