VMware fixes critical vulnerabilities in Carbon Black App Control

VMware has updated its Carbon Black App Control (AppC) software and fixes two critical vulnerabilities that allow third-party code to execute code on a Windows server.

Comprehensive application management platform VMware Carbon Black App Control combines whitelisting of allowed programs, file integrity monitoring, full-featured device management and memory protection. The solution allows the server administrator, using a single agent, to control changes, block unverified applications in critical systems, and also maintain compliance with industry security standards.

Both RCE vulnerabilities identified in AppC were rated by the vendor at 9.1 points out of 10 possible on the CVSS scale. The exploit in both cases requires network access to the administration interface and the appropriate rights. This means that only an attacker who has stolen the admin account or a corrupt insider with high access privileges can take advantage of the loophole.

CVE-2022-22951 is described as being due to inadequate validation of user input and is characterized as a command injection capability.

The reason for the appearance of CVE-2022-22952 is the weakness in the control of uploading files to the server.

Vulnerabilities have been confirmed for AppC branches 8.5.x, 8.6.x, 8.7.x and 8.8.x. The patches are included in updates 8.5.14, 8.6.6, 8.7.4 and 8.8.2 respectively.

Last year, VMware patched up an equally critical hole in another member of the family – Carbon Black Cloud Workload. This locally installed product is responsible for communication between the vCenter server on the internal network and the cloud-based VM security monitoring platform. The presence of a vulnerability allowed an unprivileged user to bypass access restrictions and break this connection, suspending the work of protective mechanisms.

Let me remind you that we also wrote that Information security specialists discovered attacks on a critical vulnerability in VMware vCenter.