VMware NSX Injection Vulnerability Allows Root Access

CVE-2024-38817

6.7MEDIUM

Key Information

Vendor: VMware
Status: Vmware Nsx, Vmware Cloud Foundation
Vendor: CVE Published:; 9 October 2024

Summary

VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.

Affected Version(s)

VMware NSX, VMware Cloud Foundation = VMware NSX 4.1.x, NSX-T 3.2.x

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 6.7 - (MEDIUM)
Oct 10, 2024
Vulnerability published.
Oct 9, 2024

Collectors

NVD DatabaseMitre Database