VMware has fixed two dangerous vulnerabilities in the Carbon Black security tool

Source: https://cobaltstrike.net/2022/03/24/vmware-has-fixed-two-dangerous-vulnerabilities-in-the-carbon-black-security-tool/

VMware has fixed an OS command injection vulnerability and a file-handling vulnerability in its Carbon Black App Control security product for Windows.

Both issues received a score of 9.1 out of a maximum of 10 on the CVSS scale. Exploiting either vulnerability allows an attacker to execute arbitrary commands on a Windows-based system in order to deploy malware, steal data, or scan the network. In both cases, the attacker must first be authenticated as an administrator or another highly privileged user.

VMware representatives did not say whether these vulnerabilities are actively exploited in real attacks.

Both vulnerabilities affect VMware Carbon Black App Control, an agent-based data center protection product that lets system administrators lock down servers and prevent unwanted changes to, or interference with, critical systems.

The OS command injection vulnerability (CVE-2022-22951) may allow an authenticated attacker with high privileges and network access to the VMware App Control administration interface to remotely execute commands on the server.

The second issue (CVE-2022-22952) may allow an attacker with administrative access to download a specially crafted file and then execute malicious code on the Windows system running the App Control server.
