image
A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The bug (CVE-2021-21982) ranks 9.1 out of 10 on the CVSS vulnerability-severity scale. The VMware Carbon Black Cloud Workload platform is designed to provide cybersecurity defense for virtual servers and workloads that are hosted on the VMware’s vSphere platform. vSphere is VMware’s cloud-computing virtualization platform. The issue in the appliance stems from incorrect URL handling, according to VMware’s advisory issued last week. “A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication,” the company noted. “An adversary who has already gained network access to the administrative interface of the appliance may be able to obtain a valid authentication token.” That in turn would allow the attacker to access the administration API of the appliance. Once signed in as an admin, the attacker could then view and alter administrative configuration settings. Depending on what tools an organization has deployed within the environment, an adversary could carry out a range of attacks, including code execution, disabling security monitoring, enumerating virtual instances within a private cloud and more. “A remote attacker could exploit this vulnerability to take control of an affected system,” said the Cybersecurity and…

Source