NSX-v Apache Log4j voulnerability patching steps

This article will discuss critical vulnerabilities in Apache Log4j identified by CVE-2021-44228 and CVE-2021-45046 in VMware NSX-V.

Overall steps desctibed on the VMware official page, however, I had to search some details separatly to apply and test the patch.

Lets go trough the steps:

 

1. Take a backup of your NSX-V Manager. This is always important step. One day it will save your live :), so please take time and do it properly.

2. Download the patch file from official VMware website signed_bsh_fix_log4j.encoded

 

To confirm the voulnerability is present, we need to initiate test attack to the NSX-V manager.

Voulnerabiluty code will be sent by POSTMAN and result of the NSX-V behavior will be caprured by TCPDUMP running directly on the NSX-V manager.

 

1. SSH to the NSX-V to the root level (Engineering mode).

Additional information how to login in Engineering mode could be found here: https://austit.com/faq/324-nsx-engeneering-mode

If you experiencing isssues with SSH connectivity to the NSX-V manager, some troubleshooting steps could be found here: https://austit.com/faq/353-nsx-v-enable-ssh

2. Run next tcpdump command:
tcpdump -i lo -s 1500 -XX port 389

3. Using POSTMAN, post REST API to https://<NSX-Manager-IP>/api/2.0/services/securitygroup/globalroot-0

4. My result after th POST request on the POSTMAN:

5. My result fot TCPDUMP automatically appeared on the screen (patched system should not capture any traffic):

 

1. Using POSTMAN, post REST API to https://<NSX-Manager-IP>/api/1.0/services/debug/script