VMware released this week, software updates to address two critical security vulnerabilities, CVE-2022-22951 and CVE-2022-22952 (both received a CVSS score of 10), affecting its Carbon Black App Control platform that could be exploited by a threat actor to execute arbitrary code on affected installations on Windows systems.
The Carbon Black App Control is an application that allows listing solution that is designed to enable security operations teams to lock down new and legacy systems against unwanted change, simplify the compliance process, and provide protection for corporate systems.
The vulnerabilities were reported by security researchers Jari Jääskelä.
“Multiple vulnerabilities in VMware Carbon Black App Control were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.” reads the advisory published by VMware.
The issues could be only exploited by authenticated attackers with high privileges.
The first bug, tracked as CVE-2022-22951, is an OS command injection vulnerability in Carbon Black App Control. The issue is due to improper input validation leading to remote code execution.
“An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution.” reads the advisory.
The second flaw, tracked as CVE-2022-22952, is a file upload vulnerability in VMware Carbon Black App Control. An attacker can trigger the flaw by uploading a specially crafted file.
“A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file.” continues the advisory.
Impacted versions are 8.5.x, 8.6.x, 8.7.x, and 8.8.x, the virtualization giant addressed the flaws with the release of versions 8.5.14, 8.6.6, 8.7.4, and 8.8.2. Customers are recommended to install security updates immediately.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Carbon Black App Control)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.