Author: Melodie Foster

Date: 9th April 2021


A critical vulnerability found in VMware’s Carbon Black Cloud Workload appliance could, if successfully exploited, allow an attacker to bypass authentication and take control of vulnerable systems.

The flaw has been given a CVSS score of 9.1 out of 10, making it critical. The vulnerability stems from incorrect URL handling: “a URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication,” VMware stated in its advisory. It would allow an attacker with network access to the interface to gain access to the administrative API of the appliance.

Once the attacker has signed in as an admin, they could carry out a range of attacks such as code execution and disabling security monitoring; they would also be able to view and alter the administrative configuration settings.

The vulnerability affects all versions prior to 1.0.1, and users are therefore recommended to upgrade to the latest version, which as of writing is 1.0.2. Users are also urged by VMware to limit access to the local administrative interface of the appliance to only those who need it.[1]

[1] https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html
