{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38817", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-06-19T22:32:06.582Z", "datePublished": "2024-10-09T19:28:05.514Z", "dateUpdated": "2024-10-10T07:54:34.429Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VMware NSX, VMware Cloud Foundation", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware NSX 4.1.x, NSX-T 3.2.x"}]}], "datePublic": "2024-10-09T17:27:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware NSX contains a command injection vulnerability.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.</span>\n\n</span>"}], "value": "VMware NSX contains a command injection vulnerability.\u00a0\n\nA malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-10-10T07:54:34.429Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "vmware", "product": "nsx", "cpes": ["cpe:2.3:a:vmware:nsx:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.1.0", "status": "affected", "lessThan": "4.2.1", "versionType": "custom"}]}, {"vendor": "vmware", "product": "nsx-t", "cpes": ["cpe:2.3:a:vmware:nsx-t:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.2.0", "status": "affected", "lessThan": "3.2.4.1", "versionType": "custom"}]}, {"vendor": "vmware", "product": "cloud_foundation", "cpes": ["cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.0", "status": "affected", "lessThan": "Async_Patch_to_4.2.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T20:19:58.944760Z", "id": "CVE-2024-38817", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T20:28:22.797Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38817", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-09T20:19:58.944760Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:nsx:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "nsx", "versions": [{"status": "affected", "version": "4.1.0", "lessThan": "4.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:nsx-t:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "nsx-t", "versions": [{"status": "affected", "version": "3.2.0", "lessThan": "3.2.4.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "cloud_foundation", "versions": [{"status": "affected", "version": "5.0", "lessThan": "Async_Patch_to_4.2.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T20:28:10.427Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "VMware NSX, VMware Cloud Foundation", "versions": [{"status": "affected", "version": "VMware NSX 4.1.x, NSX-T 3.2.x"}], "defaultStatus": "unaffected"}], "datePublic": "2024-10-09T17:27:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Mware NSX contains a command injection vulnerability.\u00a0\n\nA malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Mware NSX contains a command injection vulnerability.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.</span>\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-10-09T19:28:05.514Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38817", "state": "PUBLISHED", "dateUpdated": "2024-10-09T20:28:22.797Z", "dateReserved": "2024-06-19T22:32:06.582Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-10-09T19:28:05.514Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "VMware NSX contains a command injection vulnerability.\u00a0\n\nA malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root."}, {"lang": "es", "value": "Mware NSX contiene una vulnerabilidad de inyecci\u00f3n de comandos. Un actor malintencionado con acceso a la terminal CLI de NSX Edge podr\u00eda manipular payloads maliciosos para ejecutar comandos arbitrarios en el sistema operativo como root."}], "id": "CVE-2024-38817", "lastModified": "2024-10-10T12:51:56.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-10-09T20:15:08.037", "references": [{"source": "security@vmware.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security@vmware.com", "type": "Secondary"}]}

{}