VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control

Pierluigi Paganini March 24, 2022

VMware addressed two critical arbitrary code execution vulnerabilities affecting its Carbon Black App Control platform.

VMware released this week, software updates to address two critical security vulnerabilities, CVE-2022-22951 and CVE-2022-22952 (both received a CVSS score of 10), affecting its Carbon Black App Control platform that could be exploited by a threat actor to execute arbitrary code on affected installations on Windows systems.

The Carbon Black App Control is an application that allows listing solution that is designed to enable security operations teams to lock down new and legacy systems against unwanted change, simplify the compliance process, and provide protection for corporate systems.

The vulnerabilities were reported by security researchers Jari Jääskelä.

“Multiple vulnerabilities in VMware Carbon Black App Control were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.” reads the advisory published by VMware.

The issues could be only exploited by authenticated attackers with high privileges.

The first bug, tracked as CVE-2022-22951, is an OS command injection vulnerability in Carbon Black App Control. The issue is due to improper input validation leading to remote code execution.

“An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution.” reads the advisory.

The second flaw, tracked as CVE-2022-22952, is a file upload vulnerability in VMware Carbon Black App Control. An attacker can trigger the flaw by uploading a specially crafted file.

“A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.” continues the advisory.

Impacted versions are 8.5.x, 8.6.x, 8.7.x, and 8.8.x, the virtualization giant addressed the flaws with the release of versions 8.5.14, 8.6.6, 8.7.4, and 8.8.2. Customers are recommended to install security updates immediately.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Carbon Black App Control)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment