CVE-2022-22945 VMware NSX Edge contains a CLI shell injection vulnerability

CVE-2022-22945 VMware NSX Edge contains a CLI shell injection vulnerability

This can lead to full system compromise. To prevent such scenario, it is recommended to limit SSH access to NSX-Edge appliances to trusted parties. NSX-t tools are available to monitor the health of your Edge gateways and update the master controller if the gateway is down. You can also use monitoring and alerting tools to monitor for anomalous behaviour of your virtual networking infrastructure. For example, you can create an alert that monitors for a sudden increase in ARP replies and click on a link to investigate the cause.

NSX-t: Monitoring tools

The NSX-t monitoring and alerting tools provide additional visibility into your NSX-Edge appliance. These tools enable you to see the current state of your virtual networking infrastructure. You can see important metrics like the number of packets, bytes, and errors that are being sent or received by each Edge gateway. This can help you determine if there is a problem with your virtual networking infrastructure.
If you suspect something is wrong with one of your Edge gateways, you can use these tools to monitor for anomalous behaviour in the network traffic between two Edge gateways. For instance, you can set up an alert that monitors for sudden increases in ARP replies and click on a link to investigate the cause. If you think one of your Edge gateways might be compromised, you can use these tools to monitor for changes in firewall rules or other suspicious behaviour that would indicate an attack has taken place.

Checking NSX-T status of your Edge Gateways

The NSX-t monitoring and alerting tools are useful in monitoring your Edge gateways. You can use these tools to monitor the health of your Edge gateways, which will help you detect when an edge gateway is compromised. These tools will also alert you if anomalous behaviour is detected from your virtual networking infrastructure.
For example, let's say you want to create an alert that monitors for a sudden increase in ARP replies. You would use the NSX-t monitoring and alerting tool to monitor for such an event. The tool will look at the number of ARPs being responded to by the Edge gateway, and if it exceeds a certain threshold, it would send out an alert with an option to click on a link to investigate the cause.

NSX-T and Security Monitoring

The NSX-T platform is a powerful and flexible solution that simplifies the provisioning, security monitoring, and configuration of networking environments. It provides a feature rich interface for managing networking devices such as Edge routers and virtual machines. This allows you to manage your network infrastructures with ease.
Security monitoring is also simplified by NSX-T with the addition of new tools like intrusion detection (IDS) and firewall rules editor:
IDS detects when malicious behavior occurs in your network and alerts you to it so that you can take appropriate action. The rule editor provides an easy way to create rules for different security policies which you can use in conjunction with IDS.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe