CVE-2021-21981

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.8HIGH

EPSS

0.0%

top 85.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Vmware Nsx-t Data Center

Timeline

PublishedApr 19

Latest updateMay 24

Description

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5vmware_nsx-tVMware NSX-T 3.1.1

▶NVDbroadcom/vmware_nsx-t_data_center3.1.1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-q6cx-mp3v-659q: VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment↗2022-05-24

▶

CVEList

CVE-2021-21981: VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment↗2021-04-19

▶

📋Vendor Advisories

VMware

VMware NSX-T updates address a privilege escalation vulnerability (CVE-2021-21981)↗2021-04-19

▶