Critical Authentication Bypass Vulnerability Discovered in VMware Carbon Black App Control

June 24, 2021
VMware has released security updates addressing a significant vulnerability in Carbon Black App Control that could allow attackers to bypass authentication and potentially take control of affected systems. Labeled CVE-2021-21998, this flaw has received a severity score of 9.4 out of 10 according to the Common Vulnerability Scoring System (CVSS). It impacts App Control versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x. Carbon Black App Control serves as a security measure to protect critical systems and servers from unauthorized changes amidst cyber threats while ensuring compliance with regulations like PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC. “An attacker with network access to the VMware Carbon Black App Control management server may gain administrative access without needing authentication,” the California-based cloud computing and virtualization company stated in a recent advisory.

VMware Addresses Serious Authentication Flaw in Carbon Black App Control

On June 24, 2021, VMware announced the release of critical security updates designed to remediate a significant vulnerability in its Carbon Black App Control software. This flaw, designated as CVE-2021-21998, boasts a severity rating of 9.4 out of 10 according to the Common Vulnerability Scoring System (CVSS). The affected versions include App Control 8.0.x, 8.1.x, 8.5.x, and 8.6.x.

Carbon Black App Control serves as a vital security measure, aiming to secure critical systems and servers. It prevents unauthorized changes, thereby safeguarding organizations against cyber threats while also facilitating compliance with regulatory standards such as PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC. However, the reported vulnerability could be exploited by malicious actors to bypass authentication mechanisms, potentially granting them administrative access to vulnerable systems without requiring any form of authentication.

The advisory issued by VMware indicated that individuals with network access to the Carbon Black App Control management server could exploit this flaw, which poses a considerable risk to organizations reliant on this security solution. As a result, this vulnerability not only jeopardizes the integrity of the systems in question but also heightens the risk of compliance failures.

The implications of such an intrusion are alarming. Organizations could face unauthorized alterations to their security postures, exposing them to a wide range of cyber threats. Given the critical role that App Control plays in regulating system changes, this vulnerability could facilitate various adversarial tactics, including initial access and privilege escalation.

In the context of the MITRE ATT&CK framework, potential tactics related to this vulnerability could include exploitation of remote services to gain entry into the system and actions aimed at achieving persistence within the infrastructure. Such techniques underscore the necessity for organizations to remain vigilant and proactive in updating their systems and monitoring network activity.

As cyber threats continue to evolve, the importance of timely updates and a comprehensive understanding of security vulnerabilities cannot be overstated. Business owners must prioritize these updates to fortify their defenses against potential exploitation. The situation serves as a reminder of the ever-present need for robust cybersecurity measures in an increasingly complex digital landscape.

Source link

Related Posts

Microsoft Edge Vulnerability Could Have Allowed Hackers to Access Your Data on Any Website

On June 28, 2021, Microsoft released updates for the Edge browser addressing two security flaws, one of which involves a critical security bypass vulnerability. This flaw could potentially allow hackers to inject and execute arbitrary code across all websites. Identified as CVE-2021-34506 (CVSS score: 5.4), the issue is rooted in a universal cross-site scripting (UXSS) vulnerability that occurs when the browser’s automatic translation feature, powered by Microsoft Translator, is used. The vulnerability was discovered and reported by Ignacio Laurence along with Vansh Devgan and Shivam Kumar Singh from CyberXplore Private Limited. CyberXplore researchers explained, “Unlike conventional XSS attacks, UXSS exploits client-side vulnerabilities in the browser or extensions to create an XSS condition and run malicious code.”

Researchers Release PoC Exploit for Critical Windows RCE Vulnerability

On June 30, 2021, a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Windows Print Spooler, identified as CVE-2021-1675, was temporarily posted online before being removed. This security flaw, which Microsoft addressed in a Patch Tuesday update on June 8, 2021, could allow remote attackers to gain complete control over affected systems. The Print Spooler component, responsible for managing printer operations and loading drivers, poses significant risks due to its wide attack surface and high privilege level that enables the dynamic loading of third-party binaries. Shortly after the initial patch, Microsoft updated its assessment of the vulnerability’s impact from an elevation of privilege to remote code execution (RCE) and increased the severity rating.

Microsoft Alerts Users to Critical “PrintNightmare” Vulnerability Under Active Exploitation

On July 2, 2021, Microsoft confirmed that the “PrintNightmare” remote code execution (RCE) vulnerability in the Windows Print Spooler differs from a previously addressed issue in its recent Patch Tuesday update. The company has observed active attempts to exploit this flaw, tracked under CVE-2021-34527, with a severity rating of 8.8 on the CVSS scale. All Windows versions are affected by this vulnerability. Microsoft stated, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.” Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges, enabling them to install programs, manipulate data, or create accounts with full user rights.

Microsoft Releases Urgent Patch for Critical PrintNightmare Vulnerability in Windows

Microsoft has issued an emergency out-of-band security update to address a critical zero-day vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler service. This flaw, tracked as CVE-2021-34527 (with a CVSS score of 8.8), enables remote threat actors to execute arbitrary code and potentially seize control of affected systems. The issue impacts all supported versions of Windows, and the company recently reported active exploitation attempts targeting this vulnerability. According to the CERT Coordination Center, the Windows Print Spooler service does not adequately restrict access to functionalities that allow users to add printers and drivers, thus enabling a remote authenticated attacker to execute arbitrary code with SYSTEM privileges. Notably, PrintNightmare encompasses both remote code execution and local privilege escalation vectors that could be exploited in various attacks.