Critical Auth Bypass Bug Affects VMware Carbon Black App Control

VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems.

The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and affects App Control (AppC) versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x.

Carbon Black App Control is a security solution designed to lock down critical systems and servers to prevent unauthorized changes in the face of cyber-attacks and ensure compliance with regulatory mandates such as PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC.

“A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate,” the California-based cloud computing and virtualization technology firm said in an advisory.

CVE-2021-21998 is the second time VMware is addressing an authentication bypass issue in its Carbon Black endpoint security software. Earlier this April, the company fixed an incorrect URL handling vulnerability in the Carbon Black Cloud Workload appliance (CVE-2021-21982) that could be exploited to gain access to the administration API.

That's not all. VMware also patched a local privilege escalation bug affecting VMware Tools for Windows, VMware Remote Console for Windows (VMRC for Windows), and VMware App Volumes (CVE-2021-21999, CVSS score: 7.8) that could allow a bad actor to execute arbitrary code on affected systems.

“An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as ‘openssl.cnf’ in an unrestricted directory which would allow code to be executed with elevated privileges,” VMware noted.

VMware credited Zeeshan Shaikh (@bugzzzhunter) from NotSoSecure and Hou JingYi (@hjy79425575) of Qihoo 360 for reporting the flaw.
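
For defenders triaging CVE-2021-21999 before patching, the following PowerShell audit is an added example, not code from VMware or from the original article. It reports whether an `openssl.cnf` already exists in a directory and which non-privileged principals can create files there. The function name and the directories passed to it are assumptions, since the advisory text quoted above does not name the directory involved.

```powershell
# Added example. The directories passed in are the operator's own candidates;
# the advisory text quoted in the article does not name the directory involved.
function Test-OpenSslCnfExposure {
    param([Parameter(Mandatory)][string[]]$Directory)

    # Well-known SIDs treated as privileged: SYSTEM, Administrators, TrustedInstaller.
    $trusted = 'S-1-5-18', 'S-1-5-32-544',
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    # CreateFiles/WriteData (0x2) plus GENERIC_WRITE and GENERIC_ALL, which
    # Get-Acl can return as raw bits on some ACEs.
    $writeBits = 0x2 -bor 0x40000000 -bor 0x10000000
    $sidType   = [System.Security.Principal.SecurityIdentifier]

    foreach ($dir in $Directory) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            [pscustomobject]@{ Directory = $dir; Finding = 'directory not found'; Principal = $null }
            continue
        }

        # An existing openssl.cnf is worth a look: report who owns it.
        $cnf = Join-Path $dir 'openssl.cnf'
        if (Test-Path -LiteralPath $cnf -PathType Leaf) {
            $owner = (Get-Acl -LiteralPath $cnf).Owner
            [pscustomobject]@{ Directory = $dir; Finding = 'openssl.cnf present'; Principal = $owner }
        }

        # Walk explicit and inherited ACEs, with identities returned as SIDs.
        $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # InheritOnly (0x2) ACEs do not apply to the directory itself.
            if (([int]$rule.PropagationFlags -band 2) -ne 0) { continue }
            if ($trusted -contains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $writeBits) -ne 0) {
                [pscustomobject]@{
                    Directory = $dir
                    Finding   = 'non-privileged principal can create files'
                    Principal = $rule.IdentityReference.Value
                }
            }
        }
    }
}

# Usage (path is a placeholder):
# Test-OpenSslCnfExposure -Directory 'C:\path\to\check' | Format-Table -AutoSize
```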
