VMware patches NSX-T privilege escalation vulnerability (CVE-2021-21981)

VMware patches NSX-T privilege escalation vulnerability (CVE-2021-21981)

VMware issued a security advisory for a High severity privilege escalation vulnerability CVE-2021-21981 in VMware NSX-T.

An attacker could exploit this vulnerability and take control of an unpatched system.

VMware warned “VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment.”

As a result, an attacker with access to a local guest user account to assign privileges higher than their own permission level. 

This issue affects only VMware NSX-T version 3.1.1 and has been patched with version 3.1.2.

Although VMware rated CVE-2021-21981 as ‘Important’, the vulnerability has a CVSS score of 7.5 which falls in the High severity range according to NIST.

Related Articles

Tags: , , ,