As documented in VMSA-2022-0027, all versions of VMware NSX Data Center for vSphere (NSX-V) appliances prior to NSX-V 6.4.14 are affected by the vulnerabilities listed in the advisory.
All VMware Cloud Foundation (VCF) 3.x versions are similarly impacted by the vulnerabilities listed in the advisory.
| VMware Cloud Foundation Versions | Upgrade Options |
| --- | --- |
| Prior to VCF 3.9.1 | Upgrade to 3.11.0.1 or later and apply the steps in the Workaround section of this article. |
| VCF 3.9.1 and above | Apply the steps in the Workaround section of this article. |
To work around the issue, follow the steps below:
Step 1: Perform the following steps on each VMware NSX-V instance deployed in your VMware Cloud Foundation environment
Apply the NSX-v 6.4.14 patch available at the Product Patch page to all NSX-V instances (Management & VI Domain) in the environment.
Step 2: Perform the following steps on each SDDC Manager VM deployed in your Cloud Foundation environment
Log in to the SDDC Manager virtual machine via SSH and sudo to the root account
Verify the NSX-V version recorded in the inventory
root@sddc-manager [ /home/vcf ]# curl localhost/inventory/nsxmanagers | json_pp
"id" : "<<NSX-v ID>>",
"version" : "<<Current NSX-v Version>>",
"status" : "ACTIVE",
"hostName" : "nsxManager.vrack.vsphere.local",
"domainId" : "dc5318d3-0f98-430a-9f49-2b33bbe97630",
"managementIpAddress" : "10.0.0.9",
"vmName" : "nsxManager",
"vcenterId" : "995a88d4-d6b9-4b97-b6dc-ed72cce23976"
Note the following details:
The "id" field in the response corresponds to <<NSX-v ID>>.
The "version" field for each NSX-V instance provides the <<Current NSX-v Version>>.
Use the following API call to update the NSX-V version in the inventory to the hot patch version 6.4.14-20609341:
root@sddc-manager [ /home/vcf ]# curl -X PATCH 'localhost/inventory/entities/<<NSX-v ID>>' -d '{"version":"6.4.14-20609341", "type":"NSXMANAGER"}' -H 'Content-Type:application/json'
Verify the NSX-V Version
root@sddc-manager [ /home/vcf ]# curl localhost/inventory/nsxmanagers | json_pp
[
{
"managementIpAddress" : "10.0.0.9",
"id" : "82cd67f9-77d5-4ff6-a3b3-fa4415492160",
"opaqueBlob" : "...",
"status" : "ACTIVE",
"vmName" : "nsxManager",
"hostName" : "nsxManager.vrack.vsphere.local",
"version" : "6.4.14-20609341",
"vcenterId" : "995a88d4-d6b9-4b97-b6dc-ed72cce23976"
}
]
Note: Every time a new VI workload domain is created, these steps need to be performed.
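The Step 2 sequence (list the inventory, PATCH each NSX Manager entry, verify) can be scripted so that no instance is missed when a new VI workload domain is added. This is an added example, not VMware's code; it assumes python3 is available on the SDDC Manager VM, and the sample data and host names are constructed. Run it only after the Step 1 patch has been applied to every NSX-V instance; without `--apply` it only lists the entries that would change.

```python
import json
import sys
import urllib.request

BASE = "http://localhost/inventory"  # endpoint used by the curl commands in this article
TARGET = "6.4.14-20609341"           # hot patch version given in this article

def stale_managers(inventory, target=TARGET):
    """Return (id, hostName, version) for each NSX Manager not recorded at target."""
    return [(m["id"], m.get("hostName", "?"), m.get("version", "?"))
            for m in inventory if m.get("version") != target]

def patch_request(nsx_id, target=TARGET):
    """Build the request equivalent to the article's curl -X PATCH command."""
    body = json.dumps({"version": target, "type": "NSXMANAGER"}).encode()
    return urllib.request.Request(
        f"{BASE}/entities/{nsx_id}", data=body, method="PATCH",
        headers={"Content-Type": "application/json"})

def fetch_inventory():
    with urllib.request.urlopen(f"{BASE}/nsxmanagers") as resp:
        return json.load(resp)

def main(apply=False):
    for nsx_id, host, version in stale_managers(fetch_inventory()):
        print(f"{host} ({nsx_id}): {version} -> {TARGET}")
        if apply:
            urllib.request.urlopen(patch_request(nsx_id)).close()
    if apply:  # re-read the inventory, as the verification step above does
        left = stale_managers(fetch_inventory())
        if left:
            sys.exit(f"not updated to {TARGET}: {left}")
        print("all NSX Manager entries are at the target version")

# Constructed sample inventory (placeholder IDs, hosts and old version).
SAMPLE = [
    {"id": "00000000-0000-0000-0000-000000000001",
     "hostName": "nsx-mgmt.example.local", "version": "0.0.0-constructed"},
    {"id": "00000000-0000-0000-0000-000000000002",
     "hostName": "nsx-vi01.example.local", "version": TARGET},
]

if __name__ == "__main__":
    main(apply="--apply" in sys.argv)
```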