Author: Melodie Foster
Date: 9th April 2021
A critical vulnerability found in VMware’s Carbon Black Cloud Workload appliance could, if successfully exploited, allow an attacker to bypass authentication and take control of vulnerable systems.
The flaw has been given a CVSS score of 9.1 out of 10, rating it critical. The vulnerability stems from incorrect URL handling: “a URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication,” VMware stated in its advisory. This would allow an attacker with network access to the interface to gain access to the administrative API of the appliance.
Once the attacker has signed in as an admin, they could carry out a range of attacks such as code execution and disabling security monitoring; they would also be able to view and alter the administrative configuration settings.
The vulnerability affects all versions prior to 1.0.1, and users are therefore recommended to upgrade to the latest version, which as of writing is 1.0.2. VMware also urges users to limit access to the local administrative interface of the appliance to only those who need it.