
VMware Fixes Critical Authentication Bypass in Carbon Black App Control

VMware has released updates to fix a critical authentication bypass vulnerability that affects several versions of its Carbon Black App Control management server.

App Control is designed to act as a controller for which applications are allowed to run on protected machines. It works as a whitelisting tool, ensuring that only approved applications can run on servers or endpoints. The vulnerability (CVE-2021-21998) could allow a remote attacker to gain access to the App Control management server without any requirement for authentication.

“The VMware Carbon Black App Control management server has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate,” the VMware advisory says.

The bug affects versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x of the software running on Windows machines.

In addition to the authentication bypass flaw, VMware fixed a separate local privilege escalation vulnerability in several other products, including VMware Tools for Windows, VMware Remote Console, and VMware App Volumes. The bug affects several versions of the apps on Windows and other platforms.

“An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as 'openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges,” the VMware advisory says.
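The local privilege escalation described above depends on a low-privileged user being able to drop an `openssl.cnf` into a directory that a privileged process will read. While patches are rolled out, a defender can inventory where such files exist and whether their parent directories are writable by broad groups. The PowerShell script below is an added example written for this article; it is not VMware's code, and the search roots and the list of broad principals are constructed assumptions that should be adjusted to the environment.

```powershell
# Added example (not from the VMware advisory): list openssl.cnf files under
# common install and data locations and flag those whose parent directory
# grants write access to broad, non-administrative principals.
# Assumption: search roots and principal names below are illustrative only.

$SearchRoots = @('C:\Program Files', 'C:\Program Files (x86)', 'C:\ProgramData')
$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

function Test-BroadWriteAccess {
    # Returns $true if any Allow ACE for a broad principal carries write bits.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        # FileSystemRights::Write covers WriteData/CreateFiles, AppendData,
        # WriteAttributes and WriteExtendedAttributes; Modify and FullControl include it.
        $writeBits = [System.Security.AccessControl.FileSystemRights]::Write
        if (($ace.FileSystemRights -band $writeBits) -ne 0) { return $true }
    }
    return $false
}

function Get-OpenSslConfigExposure {
    # Enumerates openssl.cnf files and reports directory writability.
    param([string[]]$Roots = $SearchRoots)
    Get-ChildItem -Path $Roots -Filter 'openssl.cnf' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir = $_.DirectoryName
            [pscustomobject]@{
                Path          = $_.FullName
                Directory     = $dir
                BroadWrite    = (Test-BroadWriteAccess -Path $dir)
                LastWriteTime = $_.LastWriteTime
            }
        }
}

# Report: directories marked BroadWrite = True deserve ACL tightening or review,
# and recently modified openssl.cnf files in unexpected locations deserve a look.
Get-OpenSslConfigExposure | Sort-Object BroadWrite -Descending | Format-Table -AutoSize

# The OPENSSL_CONF variable, if set, overrides the default search; show it too.
"OPENSSL_CONF (machine scope): " + [Environment]::GetEnvironmentVariable('OPENSSL_CONF', 'Machine')
```

Run the script from an elevated prompt so that ACLs on protected directories can be read; a `BroadWrite` value of `True` on a directory that a privileged VMware component reads from is the condition the advisory's wording describes, and the fix is to apply the vendor update and restrict write access on that path.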