Application vulnerability detection firm Wallarm Detect warns of ongoing exploitation of a critical flaw in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V).
Tracked as CVE-2021-39144 (CVSS score of 9.8), the issue was disclosed in October 2022, when VMware announced patches for it, although the affected product had reached end-of-life (EOL) status in January 2022.
“Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of ‘root’ on the appliance,” VMware said at the time.
The security defect was identified in the XStream open source library that supports the serialization of objects to XML and back. The vulnerability impacts XStream version 1.4.17 and older.
VMware announced patches for this vulnerability on October 25. Two days later, the company updated its advisory to warn that proof-of-concept (PoC) code targeting the vulnerability had been released.
The issue was addressed along with CVE-2022-31678, a medium-severity XML External Entity (XXE) flaw that could allow an unauthenticated attacker to cause a denial-of-service (DoS) condition.
On Monday, Wallarm Detect revealed that, since December 2022, it has been observing ongoing exploitation of these vulnerabilities in the VMware NSX Manager network virtualization and security solution.
“Active exploitation started on 2022-Dec-08 and keeps going. Attackers are scanning from well-known data centers like Linode and Digital Ocean – over 90% of the attacks are coming from their IP addresses,” the security firm says.
Wallarm Detect says it observed a peak in exploitation attempts in late December, at over 4,600 attacks per day, but that the number decreased in late January, to an average of 500 attacks per day.
“If successfully exploited, the impact of these vulnerabilities could be catastrophic, allowing attackers to execute arbitrary code, steal data, and/or take control of the network infrastructure,” the company notes.
It is also worth noting that Wallarm Detect is assessing the severity of these two vulnerabilities differently than VMware. In NSX Manager, the firm says, CVE-2022-31678 has a CVSS score of 9.1, which makes it critical, while CVE-2021-39144 has a CVSS score of 8.5, making it ‘high severity’.
Related: VMware Plugs Critical Carbon Black App Control Flaw
Related: VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
Related: High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
More from Ionut Arghire
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
Latest News
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
