
VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control

On Wednesday, the cloud computing company VMware released software updates to patch two critical security vulnerabilities affecting its Carbon Black App Control platform. The vulnerabilities, if exploited, could be abused by threat actors to execute arbitrary code on affected installations running on Windows systems.

VMware Carbon Black App Control is an application allowlisting solution designed to enable security operations teams to lock down servers and critical systems, prevent unwanted changes, and ensure continuous compliance with regulatory mandates.

The vulnerabilities were reported to VMware by security researcher Jari Jääskelä. Tracked as CVE-2022-22951 and CVE-2022-22952, both flaws have been rated a CVSS score of 9.1 out of 10, indicating a critical level of severity. The flaws affect Carbon Black App Control versions 8.5.x, 8.6.x, 8.7.x, and 8.8.x and have been remediated in versions 8.5.14, 8.6.6, 8.7.4, and 8.8.2.

Analyst comments:
The first vulnerability, tracked as CVE-2022-22951, has been described as a command injection vulnerability. Due to improper input validation, an authenticated, high privileged actor with network access to the VMware App Control could execute commands on the server, ultimately leading to remote code execution.

The second vulnerability, tracked as CVE-2022-22952, relates to a file upload vulnerability. A threat actor with administrative access to the VMware App Control administration interface could upload a specially crafted file and achieve code execution on the Windows instance.

That said, successful exploitation of either vulnerability requires that the attacker already be logged in as an administrator or another highly privileged user; neither flaw is reachable by an unauthenticated actor.
Mitigation:
The vulnerabilities have been addressed by VMware in the latest releases of each affected Carbon Black App Control branch (8.5.x, 8.6.x, 8.7.x, and 8.8.x). Users are advised to apply these updates as soon as possible to prevent potential exploitation.
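A small triage helper that applies the branch-to-fixed-version mapping stated above to an asset inventory, added here as an example and not taken from the article or from VMware; the hostnames and version strings in it are constructed samples, and the fixed-version table is the only input it takes from the page.

```python
# Added example (not from the article or from VMware): decide whether an
# installed Carbon Black App Control version still needs the fix for
# CVE-2022-22951 / CVE-2022-22952. The branch-to-fixed-version mapping comes
# from the advisory summary above; all hosts and versions are constructed.
from typing import Dict, Tuple

# First fixed release in each affected branch (8.5.x, 8.6.x, 8.7.x, 8.8.x).
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (8, 5): (8, 5, 14),
    (8, 6): (8, 6, 6),
    (8, 7): (8, 7, 4),
    (8, 8): (8, 8, 2),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '8.7.3' or '8.7.3.1234' into a tuple of ints; reject junk."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text: str) -> str:
    """
    'vulnerable'   - affected branch, older than that branch's fixed release
    'patched'      - affected branch, at or above the fixed release
    'out_of_scope' - branch not named in the advisory (check vendor notes)
    """
    v = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "out_of_scope"
    # Pad short strings so '8.7' compares as 8.7.0; tuple comparison is
    # lexicographic, so a build suffix like 8.7.3.1234 still sorts below 8.7.4.
    padded = v + (0,) * max(0, 3 - len(v))
    return "vulnerable" if padded < fixed else "patched"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for an inventory of installed versions."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"appctl-01": "8.8.1", "appctl-02": "8.8.2",
              "appctl-03": "8.7.3.1234", "appctl-04": "8.4.9"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```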

Source:
https://thehackernews.com/2022/03/vmware-issues-patches-for-critical.html