CVE-2024-38817

Summary

VMware NSX contains a command injection vulnerability. 

A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.

Affected Software

VendorProductVersion RangeStatus
n/aVMware NSX, VMware Cloud FoundationVMware NSX 4.1.x, NSX-T 3.2.xaffected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References