NSX-V CVE-2022-22945 workaround

search cancel

NSX-V CVE-2022-22945 workaround

book

Article ID: 319136

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:

This KB contains a workaround for CVE-2022-22945, which is covered in VMSA-2022-0005 here:
https://www.vmware.com/security/advisories/VMSA-2022-0005.html

Environment

VMware NSX Data Center for vSphere 6.4.x

Resolution

- Upgrade to NSX-V 6.4.13.
- If using VMware Cloud Foundation, upgrade to a VCF version with NSX-T or NSX-V 6.4.13, once available.

Workaround:

By default, SSH access to the following virtual machines listed below is disabled. However, if a customer has enabled SSH capabilities to these virtual machines, it is recommend to disable SSH access for the following VMs until upgrading to a Fixed Version to mitigate this vulnerability. If these virtual machines are not present in the environment, there is no action necessary:

NSX Edge Services Gateway
NSX Distributed Logical Router Control VM

Documentation on how to disable SSH for Edge Services Gateway VM - https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-1EA25D37-F1C7-45C8-AEBA-A555ACC972BC.html
Documentation on how to disable SSH for Distributed Logical Router Control VM - https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-A20103B0-ABA1-4884-8EC3-287874E23181.html

VMware recommends only enabling SSH access to these virtual machines in the case of troubleshooting purposes only.

Feedback

thumb_up Yes

thumb_down No