cnvd - cnvd-2021-29849

cnvd-2021-29849

Vulnerability from cnvd

Title

VMware NSX-T权限许可和访问控制问题漏洞

Description

Vmware VMware NSX-T是美国威睿（Vmware）公司的一个用来构建云原生应用程序的架构。该服务为具有异构端点环境和技术堆栈的新兴应用程序框架和架构提供网络、安全和自动化并简化操作。 NSX-T 3.1.1存在权限许可和访问控制问题漏洞，该漏洞源于RBAC（基于角色的访问控制）角色分配问题而存在的。远程攻击者可以升级系统上的特权。

Severity

高

Patch Name

VMware NSX-T权限许可和访问控制问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.vmware.com/security/advisories/VMSA-2021-0006.html

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/200183

Impacted products

Name
VMWare VMware NSX-T 3.1.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21981"
    }
  },
  "description": "Vmware VMware NSX-T\u662f\u7f8e\u56fd\u5a01\u777f\uff08Vmware\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u6765\u6784\u5efa\u4e91\u539f\u751f\u5e94\u7528\u7a0b\u5e8f\u7684\u67b6\u6784\u3002\u8be5\u670d\u52a1\u4e3a\u5177\u6709\u5f02\u6784\u7aef\u70b9\u73af\u5883\u548c\u6280\u672f\u5806\u6808\u7684\u65b0\u5174\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u548c\u67b6\u6784\u63d0\u4f9b\u7f51\u7edc\u3001\u5b89\u5168\u548c\u81ea\u52a8\u5316\u5e76\u7b80\u5316\u64cd\u4f5c\u3002\n\nNSX-T 3.1.1\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eRBAC\uff08\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff09\u89d2\u8272\u5206\u914d\u95ee\u9898\u800c\u5b58\u5728\u7684\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5347\u7ea7\u7cfb\u7edf\u4e0a\u7684\u7279\u6743\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.vmware.com/security/advisories/VMSA-2021-0006.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-29849",
  "openTime": "2021-04-22",
  "patchDescription": "Vmware VMware NSX-T\u662f\u7f8e\u56fd\u5a01\u777f\uff08Vmware\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u6765\u6784\u5efa\u4e91\u539f\u751f\u5e94\u7528\u7a0b\u5e8f\u7684\u67b6\u6784\u3002\u8be5\u670d\u52a1\u4e3a\u5177\u6709\u5f02\u6784\u7aef\u70b9\u73af\u5883\u548c\u6280\u672f\u5806\u6808\u7684\u65b0\u5174\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u548c\u67b6\u6784\u63d0\u4f9b\u7f51\u7edc\u3001\u5b89\u5168\u548c\u81ea\u52a8\u5316\u5e76\u7b80\u5316\u64cd\u4f5c\u3002\r\n\r\nNSX-T 3.1.1\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eRBAC\uff08\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff09\u89d2\u8272\u5206\u914d\u95ee\u9898\u800c\u5b58\u5728\u7684\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5347\u7ea7\u7cfb\u7edf\u4e0a\u7684\u7279\u6743\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware NSX-T\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "VMWare VMware NSX-T 3.1.1"
  },
  "referenceLink": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200183",
  "serverity": "\u9ad8",
  "submitTime": "2021-04-20",
  "title": "VMware NSX-T\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2021-21981 (GCVE-0-2021-21981)

Vulnerability from cvelistv5

Published

2021-04-19 14:37

Modified

2024-08-03 18:30

Severity ?

CWE

Privilege escalation vulnerability

Summary

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.

References

URL

Tags

https://www.vmware.com/security/advisories/VMSA-2021-0006.html

x_refsource_MISC