VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability that allows access to the server without authentication.
Carbon Black App Control is designed for corporate environments, to harden the security of systems both old and new, and protect them against unauthorized modifications, such as those generated by malware or zero-day exploits.
Tracked as CVE-2021-21998, the vulnerability is an authentication bypass affecting VMware Carbon Black App Control (AppC) versions 8.0, 8.1, 8.5 before 8.5.8, and 8.6 before 8.6.2.
Threat actors with access to the AppC management server could exploit the bug to gain administrative privileges without the need to authenticate, informs the security advisory from VMware.https://www.ad-sandbox.com/static/html/sandbox.html
Given the role of the product in a corporate network, taking control of the AppC management server paves the way to compromising critical systems.
Also Read: The Difference Between GPDR and PDPA Under 10 Key Issues
Depending on the environment, an attacker could leverage the vulnerability to target anything from point-of-sales (PoS) to industrial control systems.
The severity score for the vulnerability has been calculated to 9.4, making it a critical issue that users and administrators should prioritize.
There are no workarounds available, and fixing the issue is possible by installing the hotfix available for AppC 8.1.x and 8.0.x, or updating to version 8.6.2 or 8.5.8 of the product.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| AppC | 8.6.x | Windows | CVE-2021-21998 | 9.4 | critical | 8.6.2 | None | None |
| AppC | 8.5.x | Windows | CVE-2021-21998 | 9.4 | critical | 8.5.8 | None | None |
| AppC | 8.1.x, 8.0.x | Windows | CVE-2021-21998 | 9.4 | critical | Hotfix | None | None |
Apart from fixing CVE-2021-21998, VMware also patched a local privilege escalation bug affecting VMware Tools for Windows, VMware Remote Console for Windows (VMRC for Windows), and VMware App Volumes.
The flaw is identified as CVE-2021-21999. It does not currently have a severity score from the National Institute of Standards and Technology (NIST) but VMware evaluated it at 7.8 (high severity).
“An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf’ in an unrestricted directory which would allow code to be executed with elevated privileges,” – VMware
Credited for discovering and reporting CVE-2021-21999 are Zeeshan Shaikh from NotSoSecure working with Trend Micro Zero Day Initiative (ZDI) and Hou JingYi of Qihoo 360.
Also Read: PDPA Compliance Singapore: 10 Areas to Work on
CISA has also released an advisory, to encourage users and network administrators to check the latest security briefs from VMware and apply the updates.
Role of Enhanced Access Controls in Safeguarding Personal Data in Telecommunications that every Organisation in…
Effective Incident Response Procedures in Strengthening Data Security that every Organisation in Singapore should know…
Crucial Role of Regular Vulnerability Scanning that every Organisation in Singapore should know. Strengthening Your…
Enhancing Data Security with Multi-Factor Authentication that every Organisation in Singapore should know. Enhancing Data…
Strong Password Policy as a first line of defense against data breaches for Organisations in…
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
This website uses cookies.
