VMware have released several patches to address high-severity flaws in their software.
A critical flaw in NSX Data Center for vSphere (CVE-2022-22945) would lead to command injection.
Other vulnerabilities are less severe individually but can be chained together for higher impact.
A malicious actor with local admin privileges on a VM may be able to execute code on the host.
A malicious actor with SSH access to an NSX-Edge appliance (NSX-V) can execute arbitrary commands on the operating system as root.
VMware notes: The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments.
NSX Data Center for vSphere prior to version 6.4.13.
Multiple versions of
– Cloud Foundation
Full list is available here.
Containment, Mitigations & Remediations
Apply the updates as soon as possible.
VMware themselves noted: “Organizations that practice change management using the ITIL definitions of change types would consider this an ‘emergency change.’”
Indicators of Compromise
Not yet seen in-the-wild.
A number of these vulnerabilities were originally discovered as part of the Tianfu Cup, an international cyber security contest held in Chengdu, China.
A working VM escape would be very useful for gaining network access or deploying ransomware.