Critical Vulnerability in VMware Cloud Foundation
26 October 2022
VMware has released a security update to address a critical vulnerability (CVE-2021-39144) in their Cloud Foundation products. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.
The remote code execution vulnerability is present in XStream, an open source library used in some VMware products.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to perform remote code execution on the affected product as root. The vulnerability is reportedly being actively exploited.
The XStream vulnerability affects all versions of VMware NSX Data Center for vSphere (NSX-v) Manager prior to 6.4.14.
Users and administrators of affected product versions are advised to upgrade immediately.
More information is available here:
https://www.vmware.com/security/advisories/VMSA-2022-0027.html
https://kb.vmware.com/s/article/89932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144