VMware NSX Lastline Defender Hosted is not impacted by CVE-2021-44228. While the product captures inputs from untrusted sources (e.g., network traffic captured on a customer network) and stores parts of this data in Elasticsearch, our analysis shows that attackers cannot exploit the vulnerability to their advantage, as data is stored in Elasticsearch but not logged using the vulnerable framework. Furthermore, while authenticated Lastline customers may indirectly interact with Elasticsearch by performing queries against the product search API or via Kibana, no user-provided data is used in the vulnerable component: Elastic issued a statement saying that Elasticsearch is not vulnerable to the Remote Code Execution (RCE) vulnerability, and our analysis determined that no user data is sent directly to Elasticsearch, which also prevents the related Server-Side Request Forgery (SSRF) attack that Elasticsearch would otherwise be vulnerable to.
To avoid any confusion or risk, we have released a patch to all customer cloud services. Lastline Defender Sensor appliances are not affected by the vulnerability.
This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA). Please review this document before continuing:
• CVE-2021-44228 – VMSA-2021-0028