Get in Touch
Critical vulnerabilities in Carbon Black
VMware has released updates to address two critical vulnerabilities in their Carbon Black App Control. The first (CVE-2022-22951) is a command injection vulnerability in the admin interface, whereas the second (CVE-2022-22952) is a file upload vulnerability.
An authenticated user could gain access to the server and execute code.
Carbon Black App Control. This was fixed in these versions: – 8.8.2 – 8.7.4 – 8.6.6 – 8.5.14.
Containment, Mitigations & Remediations
Update to the latest version.
Indicators of Compromise
No IOCs have been released for these vulnerabilities.
There is currently no known exploit for this vulnerability in the wild, however, its disclosure is likely to trigger malicious actors to reverse engineer the patch to better understand the vulnerability and to develop an exploit for it. The desirability to do so will also be great. VMware Horizon is being actively targeted by threat actors as a method of ingress for multiple groups with different motives, but primarily ransomware. When tied to the potential for manipulating systems in place to protect such infrastructure, such as Carbon Black, from attack and to evade detection, threat actors will prioritise the development of this exploit to help them achieve their goals.
T1210 – Exploitation of remote services