CVE-2024-38817

EUVD-2024-37639
VMware NSX contains a command injection vulnerability. 

A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
vmwarensx
4.1.0 ≤
𝑥
< 4.2.1
ADP
vmwarensx-t
3.2.0 ≤
𝑥
< 3.2.4.1
ADP
vmwarecloud_foundation
5.0 ≤
𝑥
< Async_Patch_to_4.2.1
ADP
Common Weakness Enumeration
References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047