VMware has patched a critical security vulnerability in Carbon Black App Control that could be abused to bypass the product's authentication and gain access to vulnerable systems.
Patching a critical authentication bypass:
For those unfamiliar with it, VMware's Carbon Black App Control is an application-control product designed to lock down servers and critical systems, prevent unwanted changes, and maintain continuous compliance with regulatory mandates such as PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC.
VMware also published a security advisory for the vulnerability. “A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate,” the company noted in its advisory.
The bug, tracked as CVE-2021-21998, carries a CVSS score of 9.4 out of 10 and affects App Control (AppC) versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x.
Other bugs fixed by VMware:
This is not the first time VMware has had to patch an authentication bypass in its Carbon Black product line.
Back in April, the company fixed an incorrect URL handling bug, tracked as CVE-2021-21982, in the Carbon Black Cloud Workload appliance that could be abused to bypass authentication and reach the administration API.
VMware also fixed a local privilege escalation bug affecting VMware Tools for Windows, VMware Remote Console for Windows (VMRC for Windows), and VMware App Volumes (CVE-2021-21999, CVSS score: 7.8) that could allow an attacker who already has access to a virtual machine to execute arbitrary code with elevated privileges.
“An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as ‘openssl.cnf’ in an unrestricted directory which would allow code to be executed with elevated privileges,” the organization noted.
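The mechanism VMware describes, a privileged process loading an ‘openssl.cnf’ from a directory that unprivileged users can write to, is a general class of bug, and the question a defender wants answered is "which directories on this host could a normal user plant such a file in?" The PowerShell below is an added example written for this article; it is not VMware's code and not part of the fix. The article does not say which directories the affected products consult, so the `$CandidateDirs` list (including the `OPENSSL_CONF` environment variable, which OpenSSL honours when set, and the placeholder vendor path) is an assumption to be replaced with the paths relevant to your own hosts.

```powershell
# Added example (not from the article or from VMware). Reports directories in
# which low-privileged principals hold rights that let them create or replace
# files, and flags any 'openssl.cnf' already present there with its owner.
# The candidate directory list is an assumption; adjust it for your environment.

$LowPrivSids = @(
    'S-1-1-0',      # Everyone
    'S-1-5-11',     # Authenticated Users
    'S-1-5-32-545', # BUILTIN\Users
    'S-1-5-4'       # INTERACTIVE
)

# Rights that allow planting or replacing a file in a directory. Modify and
# FullControl both include the CreateFiles bit, so they are covered implicitly.
$PlantMask = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions

function Get-LowPrivWriteAccess {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            # Compare by SID so localized group names do not matter.
            $sid = $ace.IdentityReference.Translate(
                       [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }
        if ($LowPrivSids -notcontains $sid) { continue }
        if (([int]$ace.FileSystemRights -band [int]$PlantMask) -eq 0) { continue }

        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
        }
    }
}

# Candidate locations (assumption). If OPENSSL_CONF is set, the directory it
# points into is the first place to look.
$CandidateDirs = @()
if ($env:OPENSSL_CONF) { $CandidateDirs += Split-Path -Parent $env:OPENSSL_CONF }
$CandidateDirs += @(
    "$env:SystemDrive\",
    "$env:ProgramData\ExampleVendor"   # placeholder path, not a real product directory
)

foreach ($dir in ($CandidateDirs | Where-Object { Test-Path -LiteralPath $_ })) {
    foreach ($hit in Get-LowPrivWriteAccess -Path $dir) {
        Write-Warning ("{0}: {1} can plant files ({2})" -f $hit.Path, $hit.Principal, $hit.Rights)
    }
    $cnf = Join-Path $dir 'openssl.cnf'
    if (Test-Path -LiteralPath $cnf) {
        $owner = (Get-Acl -LiteralPath $cnf).Owner
        Write-Host ("{0} exists, owned by {1}" -f $cnf, $owner)
    }
}
```

Run it in an elevated session so that every candidate directory's ACL can be read. A directory flagged by the script is only exploitable if a privileged process actually loads a configuration file from it, so treat the output as a list of places to verify against the vendor's patched search behaviour, not as proof of a vulnerability.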