VMware fixes critical vulnerabilities in Carbon Black App Control

Carbon Black App Control
Written by Emma Davis

VMware has updated its Carbon Black App Control (AppC) software and fixes two critical vulnerabilities that allow third-party code to execute code on a Windows server.

Since this product is used to protect data centers and critical systems, users are strongly advised to apply patches.

Comprehensive application management platform VMware Carbon Black App Control combines whitelisting of allowed programs, file integrity monitoring, full-featured device management and memory protection. The solution allows the server administrator, using a single agent, to control changes, block unverified applications in critical systems, and also maintain compliance with industry security standards.

Both RCE vulnerabilities identified in AppC were rated by the vendor at 9.1 points out of 10 possible on the CVSS scale. The exploit in both cases requires network access to the administration interface and the appropriate rights. This means that only an attacker who has stolen the admin account or a corrupt insider with high access privileges can take advantage of the loophole.

CVE-2022-22951 is described as being due to inadequate validation of user input and is characterized as a command injection capability.

An attacker looking to exploit the bug needs to be authenticated as a high-privileged user and requires network access to the App Control interface in order to execute commands on the server.Ionut Arghire of SecurityWeek writes about this issue.

The reason for the appearance of CVE-2022-22952 is the weakness in the control of uploading files to the server.

Vulnerabilities have been confirmed for AppC branches 8.5.x, 8.6.x, 8.7.x and 8.8.x. The patches are included in updates 8.5.14, 8.6.6, 8.7.4 and 8.8.2 respectively.

Last year, VMware patched up an equally critical hole in another member of the family – Carbon Black Cloud Workload. This locally installed product is responsible for communication between the vCenter server on the internal network and the cloud-based VM security monitoring platform. The presence of a vulnerability allowed an unprivileged user to bypass access restrictions and break this connection, suspending the work of protective mechanisms.

Let me remind you that we also wrote that Information security specialists discovered attacks on a critical vulnerability in VMware vCenter.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.