VMware has patched a high-severity vulnerability affecting its VMware Cloud Foundation and NSX Manager products that allowed unauthorized hackers to execute malicious code with the highest system privileges. The vulnerability, tracked as CVE-2021-39144, has a risk rating of 9.8/10 and exists in the XStream open source library that Cloud Foundation relies on for NSX Manager. Because the risk is so high, VMware has taken the unusual step of releasing a patch for a version that is no longer supported. The vulnerability was discovered by security researchers Sina Kheirkhah and Steven Seeley of Source Incite, who released proof-of-concept (PoC) code for the exploit at the same time.
https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html