VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could enable attackers to bypass authentication on vulnerable servers.
VMware Carbon Black Cloud Workload is a Linux data center security product designed to protect workloads running in virtualized environments.
It also bundles endpoint security capabilities, including endpoint detection and response (EDR), next-gen antivirus, and real-time threat hunting.
This security vulnerability affects VMware Carbon Black Cloud Workload appliance version 1.0.1 and earlier.
Admin interface exploitable for auth bypass
Attackers can exploit the security vulnerability, tracked as CVE-2021-21982, by manipulating an administrative interface URL to obtain valid authentication tokens.
Using such a token, the malicious actor can then access the administration API of unpatched VMware Carbon Black Cloud Workload appliances.
Successfully exploiting the security flaw enables the attacker to view and modify administrative configuration settings.
CVE-2021-21982 can be exploited remotely, without authentication or user interaction, in low-complexity attacks.
VMware rated the security bug as critical severity, assigning it a CVSSv3 base score of 9.1/10.
The vulnerability was discovered and privately reported to VMware by Positive Technologies web security researcher Egor Dimitrenko.
Mitigation also available
VMware has also issued mitigation information for admins who cannot immediately patch their VMware Carbon Black Cloud Workload appliances.
Removing remote access to the appliance's local admin interface is enough to remove the attack vector, as the company advises.
"VMware best practices recommend implementing network controls to limit access to the local administrative interface of the appliance," the company said.
"Unrestricted network access to this interface is not required for the regular operation of the product."
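The mitigation above is a network control: only management hosts should ever reach the appliance's local administrative interface. One way to verify that such a control is actually in place is to audit access logs for admin-interface requests arriving from outside the management network. The script below is an added example, not code from VMware or Carbon Black: the Common-Log-Format lines are constructed for this illustration, and the `/admin` path prefix and the `10.10.0.0/24` management subnet are assumptions, since the page does not name the interface's real path or port.

```python
"""Flag admin-interface requests that did not come from the management network.

Added example (not VMware's or Carbon Black's code). Assumptions: the local
administrative interface lives under the '/admin' path prefix, the management
subnet is 10.10.0.0/24, and the log lines below are constructed sample data.
"""
import ipaddress
import re

# Assumed management subnet(s); only hosts here should reach the admin interface.
MGMT_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]

# Assumed path prefix of the appliance's local administrative interface.
ADMIN_PREFIX = "/admin"

# Constructed sample access log in Common Log Format (not real appliance output).
SAMPLE_LOG = """\
10.10.0.15 - - [02/Apr/2021:10:01:12 +0000] "GET /admin/settings HTTP/1.1" 200 512
203.0.113.7 - - [02/Apr/2021:10:02:44 +0000] "GET /admin/settings HTTP/1.1" 200 512
203.0.113.7 - - [02/Apr/2021:10:02:45 +0000] "POST /admin/config HTTP/1.1" 200 88
198.51.100.9 - - [02/Apr/2021:10:03:01 +0000] "GET /healthz HTTP/1.1" 200 2
10.10.0.22 - - [02/Apr/2021:10:04:10 +0000] "GET /api/v1/status HTTP/1.1" 200 40
"""

# source-ip ident user [timestamp] "METHOD path protocol" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_management_source(src):
    """True if src parses as an IP address inside one of the management subnets."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_NETWORKS)


def is_admin_request(path):
    """True for the admin prefix itself or anything beneath it (no '/adminfoo' matches)."""
    return path == ADMIN_PREFIX or path.startswith(ADMIN_PREFIX + "/")


def find_external_admin_access(log_text):
    """Return (src, method, path, status) for admin requests from non-management hosts."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_admin_request(m["path"]) and not is_management_source(m["src"]):
            findings.append((m["src"], m["method"], m["path"], int(m["status"])))
    return findings


if __name__ == "__main__":
    for src, method, path, status in find_external_admin_access(SAMPLE_LOG):
        print(f"ALERT admin interface reached from outside the management "
              f"network: {src} {method} {path} -> {status}")
```

Any hit from this audit means the network control the advisory describes is not actually enforced in front of the interface, regardless of whether the appliance has been patched; a successful (200) response on an admin path from a non-management address is the case to escalate.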
On Tuesday, VMware patched two other vulnerabilities discovered by Dimitrenko in the vRealize Operations IT operations management platform.
When chained together, the two bugs lead to pre-auth remote code execution (RCE) on vulnerable vRealize Operations servers.