2024-06-19 23:00:35 +00:00
{
2024-10-09 20:00:31 +00:00
"data_version" : "4.0" ,
2024-06-19 23:00:35 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2024-38817" ,
2024-10-09 20:00:31 +00:00
"ASSIGNER" : "security@vmware.com" ,
"STATE" : "PUBLIC"
2024-06-19 23:00:35 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2024-10-10 08:00:31 +00:00
"value" : "VMware NSX contains a command injection vulnerability.\u00a0\n\nA malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root."
2024-10-09 20:00:31 +00:00
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')" ,
"cweId" : "CWE-77"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "n/a" ,
"product" : {
"product_data" : [
{
"product_name" : "VMware NSX, VMware Cloud Foundation" ,
"version" : {
"version_data" : [
{
"version_affected" : "=" ,
"version_value" : "VMware NSX 4.1.x, NSX-T 3.2.x"
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047" ,
"refsource" : "MISC" ,
"name" : "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047"
}
]
} ,
"generator" : {
"engine" : "Vulnogram 0.2.0"
} ,
"source" : {
"discovery" : "UNKNOWN"
} ,
"impact" : {
"cvss" : [
{
"attackComplexity" : "LOW" ,
"attackVector" : "LOCAL" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.7 ,
"baseSeverity" : "MEDIUM" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"privilegesRequired" : "HIGH" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
"version" : "3.1"
2024-06-19 23:00:35 +00:00
}
]
}
}
