VMSA-2022-0027 Explained

On the 25th of October, VMware announced VMSA 2022-0007, covering two CVEs, CVE-2021-39144 and CVE-2022-31678. CVEs like this provide definitions for publicly disclosed cybersecurity vulnerabilities and exposures, and in the VMSA VMware provide resolution information designed to mitigate the vulnerability. These two CVEs, one found in outdated versions of XStream, were detected by researchers at a security company called Source Incite, and more detail can be read about their findings here. 

Or particular note for this VMSA, is the issuing of a patch for NSX-V. VMware acknowledged this by saying,

‘While VMware does not mention end-of-life products on VMware Security Advisories, due to the critical severity of NSX-V the product team has made a patch available.’

‍

In response to this VMSA, our development team deployed the fix in the early hours of the 27th of October. The fix is now available in the latest Runecast definitions release, version 6.2.4.2, which is available for download. Customers with automatic updates enabled will receive the new definitions during the next update cycle, with offline updates available through the Runecast customer portal.

Below is the technical information about the CVE and VMware’s response. This is to keep you up to date with what Runecast covers, but if you have any questions at all please contact us and we will go through the fine details with you.

‍

Remote code execution vulnerability via XStream (CVE-2021-39144)

A remote code execution vulnerability, via XStream, has been discovered in VMware Cloud Foundation and NSX-V. VMware has classed this vulnerability as Critical.

Using this vulnerability a malicious actor can execute remote code in the ‘root’ of an appliance.

• The vulnerability affects VMware Cloud Foundation versions 4.x and VMware Cloud Foundation (NSX-V) version 3.11. 

A patch (KB89809) has been provided for VMware Cloud Foundation (NSX-V). 

‍

XML External Entity (XXE) vulnerability (CVE-2022-31678)

Another vulnerability (a double-fetch vulnerability) has been discovered in a USB controller, this time the UHCI USB controller. VMware has classed this vulnerability as Moderate.

Using this vulnerability an unauthenticated user could access unintended information, or perform denial of service activities.

• The vulnerability affects VMware Cloud Foundation versions 4.x and VMware Cloud Foundation (NSX-V) version 3.11. 

A patch (KB89809) has been provided for VMware Cloud Foundation (NSX-V).

‍

See recent CVEs that Runecast has covered

• VMSA-2022-004
• Runecast responds to Apache Log4j Java vulnerability

‍

Runecast is a Cloud Native Protection Platform which enables IT Security and Operations teams. With Runecast you mitigate risk, increase efficiency, reduce costs and ensure mission-critical stability – for AWS, Azure, Google Cloud Platform, Kubernetes, VMware and WIndows and Linux.

‍