VMware Cloud Foundation XStream Deserialization

Added: 10/31/2022

Background

VMware Cloud Foundation is a hybrid cloud platform.

Problem

An XStream deserialization vulnerability in the NSX Manager component of VMware Cloud Foundation (NSX-V) allows a remote attacker to execute arbitrary commands.

Resolution

Apply the patch referenced in VMSA-2022-0027.

References

https://www.vmware.com/security/advisories/VMSA-2022-0027.html
https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html
