[BreachExchange] Critical Auth Bypass Bug Affects VMware Carbon Black App Control

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Jun 24 09:54:16 EDT 2021


https://thehackernews.com/2021/06/critical-auth-bypass-bug-affects-vmware.html

VMware has rolled out security updates to resolve a critical flaw affecting
Carbon Black App Control that could be exploited to bypass authentication
and take control of vulnerable systems.

The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in
severity by the industry-standard Common Vulnerability Scoring System
(CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x, 8.5.x, and
8.6.x.

Carbon Black App Control is a security solution designed to lock down
critical systems and servers to prevent unauthorized changes in the face of
cyber-attacks and ensure compliance with regulatory mandates such as
PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC.

"A malicious actor with network access to the VMware Carbon Black App
Control management server might be able to obtain administrative access to
the product without the need to authenticate," the California-based cloud
computing and virtualization technology company said in an advisory.

CVE-2021-21998 is the second time VMware is addressing an authentication
bypass issue in its Carbon Black endpoint security software. Earlier this
April, the company fixed an incorrect URL handling vulnerability in the
Carbon Black Cloud Workload appliance (CVE-2021-21982) that could be
exploited to gain access to the administration API.

That's not all. VMware also patched a local privilege escalation bug
affecting VMware Tools for Windows, VMware Remote Console for Windows (VMRC
for Windows), and VMware App Volumes (CVE-2021-21999, CVSS score: 7.8) that
could allow a bad actor to execute arbitrary code on affected systems.

"An attacker with normal access to a virtual machine may exploit this issue
by placing a malicious file renamed as 'openssl.cnf' in an unrestricted
directory which would allow code to be executed with elevated privileges,"
VMware noted.

VMware credited Zeeshan Shaikh (@bugzzzhunter) from NotSoSecure and Hou
JingYi (@hjy79425575) of Qihoo 360 for reporting the flaw.