Get in Touch
Please get in touch using the form below.
Critical vulnerabilities in Carbon Black
Overview
VMware has released updates to address two critical vulnerabilities in their Carbon Black App Control. The first (CVE-2022-22951) is a command injection vulnerability in the admin interface, whereas the second (CVE-2022-22952) is a file upload vulnerability.
Impact
An authenticated user could gain access to the server and execute code.
Affected Products
Carbon Black App Control. This was fixed in these versions: – 8.8.2 – 8.7.4 – 8.6.6 – 8.5.14.
Containment, Mitigations & Remediations
Update to the latest version.
Indicators of Compromise
No IOCs have been released for these vulnerabilities.
Threat Landscape
There is currently no known exploit for this vulnerability in the wild, however, its disclosure is likely to trigger malicious actors to reverse engineer the patch to better understand the vulnerability and to develop an exploit for it. The desirability to do so will also be great. VMware Horizon is being actively targeted by threat actors as a method of ingress for multiple groups with different motives, but primarily ransomware. When tied to the potential for manipulating systems in place to protect such infrastructure, such as Carbon Black, from attack and to evade detection, threat actors will prioritise the development of this exploit to help them achieve their goals.
Mitre Methodologies
T1210 – Exploitation of remote services