{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-38817","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2024-06-19T22:32:06.582Z","datePublished":"2024-10-09T19:28:05.514Z","dateUpdated":"2024-10-10T07:54:34.429Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"VMware NSX, VMware Cloud Foundation","vendor":"n/a","versions":[{"status":"affected","version":"VMware NSX 4.1.x, NSX-T 3.2.x"}]}],"datePublic":"2024-10-09T17:27:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">VMware NSX contains a command injection vulnerability.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.</span>\n\n</span>"}],"value":"VMware NSX contains a command injection vulnerability. \n\nA malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-77","description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2024-10-10T07:54:34.429Z"},"references":[{"url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"vmware","product":"nsx","cpes":["cpe:2.3:a:vmware:nsx:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.1.0","status":"affected","lessThan":"4.2.1","versionType":"custom"}]},{"vendor":"vmware","product":"nsx-t","cpes":["cpe:2.3:a:vmware:nsx-t:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.2.0","status":"affected","lessThan":"3.2.4.1","versionType":"custom"}]},{"vendor":"vmware","product":"cloud_foundation","cpes":["cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.0","status":"affected","lessThan":"Async_Patch_to_4.2.1","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-09T20:19:58.944760Z","id":"CVE-2024-38817","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-09T20:28:22.797Z"}}]}}