PT-2020-4415 · Vmware · Vmware Nsx-T
Kevin Kelpen · Published 2020-10-20 · Updated 2025-08-13 · CVE-2020-3993
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
VMware NSX-T versions 3.x before 3.0.2
VMware NSX-T versions 2.5.x before 2.5.2.2.0
Description:
The issue exists in the way VMware NSX-T allows a KVM host to download and install packages from NSX manager. A malicious actor in a man-in-the-middle (MITM) position may be able to exploit this issue to compromise the transport node. The vulnerability is related to incorrect security requirements, which can allow a remote attacker to carry out a man-in-the-middle attack.
Recommendations:
For versions 3.x before 3.0.2, update to version 3.0.2 or later.
For versions 2.5.x before 2.5.2.2.0, update to version 2.5.2.2.0 or later.
As a temporary workaround, consider restricting access to the NSX manager to minimize the risk of exploitation.
Affected Products
Vmware Nsx-T