Application vulnerability detection firm Wallarm Detect has issued a warning about ongoing exploitation of a critical flaw in VMware Cloud Foundation and NSX Data Center for vSphere.
CVE-2021-39144, which carries a CVSS score of 9.8, was disclosed in October 2022, when patches were announced, but the affected product had already reached end-of-life status.
Since December 2022, Wallarm Detect has observed a peak of over 4,600 exploitation attempts per day, coming from IP addresses of well-known data centres.
The flaw was identified in the XStream open-source library that supports object serialization to and from XML. The vulnerability affects XStream version 1.4.17 and older. It allows a malicious actor to execute remote code in the context of “root” on the appliance.
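As an added defender's check (example code, not from Wallarm Detect or VMware), the following Python scans build-tool or classpath output for XStream artifacts and flags any version at or below 1.4.17, the range the article gives as affected; the dependency lines are constructed samples, and the comparison is numeric so that 1.4.9 is correctly ordered below 1.4.17.

```python
import re
from typing import List, Tuple

# Last affected XStream release for CVE-2021-39144, as stated in the article.
LAST_AFFECTED_XSTREAM = "1.4.17"

# Matches Maven coordinates ("com.thoughtworks.xstream:xstream:jar:1.4.17:compile")
# and plain jar file names ("xstream-1.4.9.jar"), capturing the version string.
_XSTREAM_RE = re.compile(
    r"(?:com\.thoughtworks\.xstream:xstream(?::[a-z]+)?:|\bxstream-)(\d+(?:\.\d+)*)"
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.4.17' into (1, 4, 17) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, last_bad: str = LAST_AFFECTED_XSTREAM) -> bool:
    """True when version <= last_bad, comparing component-wise with zero padding."""
    a, b = parse_version(version), parse_version(last_bad)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))


def find_xstream(lines: List[str]) -> List[Tuple[str, bool]]:
    """Return (version, affected) for every XStream artifact found in the lines."""
    findings = []
    for line in lines:
        for match in _XSTREAM_RE.finditer(line):
            version = match.group(1)
            findings.append((version, is_affected(version)))
    return findings


# Constructed sample: a few lines in the style of `mvn dependency:tree` and an
# `ls lib/` listing; these are not taken from any real appliance.
SAMPLE_LINES = [
    "[INFO] +- com.thoughtworks.xstream:xstream:jar:1.4.17:compile",
    "[INFO] +- com.thoughtworks.xstream:xstream:jar:1.4.18:compile",
    "[INFO] +- org.apache.commons:commons-lang3:jar:3.12.0:compile",
    "xstream-1.4.9.jar",
]

if __name__ == "__main__":
    for version, affected in find_xstream(SAMPLE_LINES):
        print(f"xstream {version}: {'AFFECTED' if affected else 'ok'}")
```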
CVE-2022-31678, a medium-severity XML External Entity (XXE) flaw that can cause a denial-of-service (DoS) condition, was also addressed in the patches.
Wallarm Detect assesses the severity of the two vulnerabilities differently from VMware. It rates CVE-2022-31678, in NSX Manager, at a CVSS score of 9.1, making it critical.
Meanwhile, it rates CVE-2021-39144, in NSX-V, at a CVSS score of 8.5, classifying it as “high severity”. If the vulnerabilities are successfully exploited, they could enable attackers to steal data, execute arbitrary code, and take over the network infrastructure, the company warns.