VMware announced on Thursday, April 1, that it had fixed a vulnerability rated 9.1 on CVSSv3 in the VMware Carbon Black Cloud appliance, which could allow attackers to bypass authentication on vulnerable servers. Registered as CVE-2021-21982 and present in versions 1.0.1 and earlier, it was discovered by researcher Egor Dimitrenko of Positive Technologies, who reported it to VMware. The problem, according to the company, is that a URL in the administrative interface of the VMware Carbon Black Cloud Workload appliance could be manipulated to bypass authentication.
According to the VMware technical bulletin on mitigating the problem, “a malicious agent with access to the administrative interface of the appliance could obtain a valid authentication token, thereby gaining access to the administration API. Successful exploitation of this problem would result in the attacker’s ability to view and change administrative settings.” In the bulletin, VMware recommended restricting network access to the Cloud Workload administrative interface. CVE-2021-21982 can be exploited remotely, without authentication or user interaction, in low-complexity attacks.
Carbon Black Cloud Workload is Linux-based data center security software designed to protect workloads running in virtualized environments. It also includes endpoint protection features, including endpoint detection and response (EDR), state-of-the-art antivirus and real-time threat hunting.
On Tuesday of the previous week, VMware had already fixed two other vulnerabilities, also found by Egor Dimitrenko, in its IT operations management platform vRealize Operations.
When chained, the two bugs lead to pre-authentication remote code execution (RCE) on vulnerable vRealize Operations servers.
With international news agencies
See the original post at: https://www.cisoadvisor.com.br/vmware-corrige-no-carbon-black-falha-grave-em-solucao-para-data-center/?rand=59039