Ongoing Exploitation of Critical Vulnerabilities in VMware Cloud Foundation and NSX-V

March 7, 2023

Application vulnerability detection firm Wallarm Detect has warned of ongoing exploitation of two critical vulnerabilities in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V). Tracked as CVE-2021-39144 and CVE-2022-31678, the vulnerabilities were disclosed in October 2022, with patches released by VMware. Wallarm Detect has observed ongoing exploitation of these vulnerabilities since December 2022, with attackers scanning from well-known data centers like Linode and Digital Ocean.

"If successfully exploited, the impact of these vulnerabilities could be catastrophic, allowing attackers to execute arbitrary code, steal data, and/or take control of the network infrastructure," said Wallarm Detect. The security firm is assessing the severity of the two vulnerabilities differently than VMware, with CVE-2022-31678 having a CVSS score of 9.1, making it critical, and CVE-2021-39144 having a CVSS score of 8.5, making it 'high severity'.

Organizations are advised to patch their systems as soon as possible to prevent exploitation of these vulnerabilities.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.