Dirmann Technology Consultants

New NSX-T 3.1 Vulnerability (7.5 out of 10)

Team:

Real quick! VMware announced a newly discovered vulnerability in NSX-T 3.1 that weighs in at a base score of 7.5 out of 10 in CVSSv3, giving it an ‘Important’ label. This particular vulnerability allows unauthorized privilege escalation through the local ‘guest’ account.

The Workaround

Luckily, this one doesn’t make you jump through hoops, stand on your tippy toes, and perform the sacred ceremony of our forefathers to mitigate. Actually, it’s really simple. Just disable the ‘guest’ account. Furthermore, don’t assign the guest account any RBAC roles that allow it to execute user-role assignments. Quite frankly, I don’t know why you would do this anyway…or even have the guest account enabled, for that matter. But maybe you do for some specific reason, and if so, you should disable it if you can’t patch your NSX-T infrastructure.

The Perma-Fix

Yes, that’s right! Patching up to 3.1.2 will permanently resolve the issue for you. See? Really simple!

Conclusion

There’s not much more to say about this one. If you want to review the actual VMware Advisory, it can be found in the references below. I have a few more articles that I’m working on pumping out for everyone, so stay tuned! Thanks for reading. If you enjoyed the post, make sure you check us out at dirmann.tech and follow us on LinkedIn, Twitter, Instagram, and Facebook!

References:

https://www.vmware.com/security/advisories/VMSA-2021-0006.html

https://kb.vmware.com/s/article/83047
