VMware Carbon Black App Control Injection Vulnerability (CVE-2023-20858)

VMware patched a critical severity vulnerability in its Carbon Black App Control Server. Tracked as CVE-2023-20858, the vulnerability could allow an attacker to gain complete control of the target system. The vulnerability has a CVSSv3 base score of 9.1.

VMware Carbon Black App Control provides application control and critical infrastructure protection. The product ensures that only trusted and approved software is allowed to execute on critical systems and endpoints.


To exploit this vulnerability, an attacker must have privileged access to the App Control administration console. On successful exploitation, a remote authenticated attacker may be able to execute arbitrary code on the system by sending a specially crafted request. The vulnerability can be exploited in low-complexity attacks that require high privileges.

According to OWASP, an injection vulnerability enables an attacker to send malicious code to another system through an application. This may include compromising the backend systems of the vulnerable application and other clients linked to them.

Common examples of injection vulnerabilities are:

  • SQL Injection 
  • OS Command Injection 
  • Cross-Site Scripting (XSS) 

An injection vulnerability can allow an attacker to:

  • compromise backend data stores 
  • compromise or hijack sessions of other users 
  • perform actions on behalf of other users or services
  • execute operating system commands on a target system

Affected versions

VMware Carbon Black App Control versions 8.7.x, 8.8.x, and 8.9.x running on Windows are affected by this vulnerability.


Customers are advised to upgrade to VMware Carbon Black App Control version 8.7.8, 8.8.6, or 8.9.4 to patch the vulnerability. For more information, please refer to the VMware Security Advisory (VMSA-2023-0004).
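
A version triage check for the affected branches and fixed releases listed above, as an added example that is not from VMware or Qualys. The host names and installed versions in the sample inventory are constructed, and the code assumes versions are reported as dotted numbers with an optional trailing build number.

```python
import re

# Fixed release for each affected branch, as listed in the advisory text above.
FIXED = {(8, 7): (8, 7, 8), (8, 8): (8, 8, 6), (8, 9): (8, 9, 4)}


def parse_version(text):
    """Turn a dotted version string (optional 'v' prefix) into a tuple of ints."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def triage(version):
    """Return (status, upgrade_target) for one App Control Server version."""
    parts = parse_version(version)
    fixed = FIXED.get(parts[:2])
    if fixed is None:
        # Branch is not named on this page; do not guess either way.
        return ("not-listed", None)
    # Compare major.minor.patch numerically; a trailing build number is ignored.
    release = (parts + (0,))[:3]
    if release < fixed:
        return ("affected", ".".join(map(str, fixed)))
    return ("patched", None)


def affected_hosts(inventory):
    """Map host -> upgrade target for every affected entry in the inventory."""
    result = {}
    for host, version in inventory.items():
        status, target = triage(version)
        if status == "affected":
            result[host] = target
    return result


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "appctl-01": "8.7.6",
    "appctl-02": "8.8.6.312",
    "appctl-03": "8.9.10",
    "appctl-04": "8.9.3.44",
    "appctl-05": "8.6.4",
}

if __name__ == "__main__":
    for host, target in affected_hosts(SAMPLE_INVENTORY).items():
        print(f"{host}: affected, upgrade to {target}")
```

Versions are compared as integer tuples, so a release such as 8.9.10 is correctly treated as newer than 8.9.4, which a plain string comparison would get wrong.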

Qualys Detection

Qualys customers can scan their devices with QID 730738 to detect vulnerable assets. 
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.  
