Table of Contents
March 24, 2022
|4m
How To Fix CVE-2022-22951(2)- Critical Vulnerabilities In VMware Carbon Black App Control Server
VMware issued an advisory against a couple of critical vulnerabilities in the VMware Carbon Black App Control server. The vulnerabilities tracked as CVE-2022-22951 and CVE-2022-22952 have a CVSS score of 9.1 and are considered critical. Attackers can leverage these vulnerabilities to carry out remote code execution on the vulnerable versions of VMware Carbon Black App Control Server. There is a need to fix these vulnerabilities. This article will show you how to fix CVE-2022-22951(2), Critical Vulnerabilities in VMware Carbon Black App Control Server.
VMware Carbon Black App Control
VMware Carbon Black App Control is an application that is designed to monitor and protect various applications, harden systems against unwanted change, simplify the compliance process, and provide protection for corporate systems by letting to run only trusted and approved software on an organization’s critical systems. Some of its main features include:
Harden systems against unwanted change
Stop malware, ransomware, zero-day and non-malware attacks
Prevent unauthorized change with file-integrity monitoring, device control, and memory protection
Maintain continuous compliance for key frameworks
Monitor critical activity to assess risk
Secure EOL systems with powerful application control policies
List Of Vulnerabilities In VMware Carbon Black App Control Server
CVE-2022-22951: An OS command injection vulnerability in VMware Carbon Black App Control server
CVE-2022-22952: A File upload vulnerability in VMware Carbon Black App Control server
Summary Of CVE-2022-22951:
The flaw is an OS command injection vulnerability that allows an authenticated, high privileged user to execute commands on the server due to improper input validation. The user should have access to the App Control administration interface over the network to perform remote code execution. The vulnerability is considered critical since it has a CVSS score of 9.1 out of 10 according to the Common Vulnerability Scoring System.
| Associated CVE ID | CVE-2022-22951 |
| Description | An OS command injection vulnerability in VMware Carbon Black App Control server due to improper input validation. |
| Associated ZDI ID | – |
| CVSS Score | 9.1 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | High |
| User Interaction (UI) | None |
| Scope | Changed |
| Confidentiality (C) | High |
| Integrity (I) | High |
| availability (a) | High |
Summary of CVE-2022-22952:
The flaw is a file upload vulnerability that allows a user with administrative access to the VMware App Control administration interface to execute code on the Windows machine on which the App Control is hosted. This flaw can be abused just by uploading a specially crafted file on the vulnerable version of the App Control server to perform remote code execution. The vulnerability is considered critical since it has a CVSS score of 9.1 out of 10 according to the Common Vulnerability Scoring System.
| Associated CVE ID | CVE-2022-22952 |
| Description | A File upload vulnerability in VMware Carbon Black App Control server by uploading a specially crafted file. |
| Associated ZDI ID | – |
| CVSS Score | 9.1 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | High |
| User Interaction (UI) | None |
| Scope | Changed |
| Confidentiality (C) | High |
| Integrity (I) | High |
| availability (a) | High |
How To Fix CVE-2022-22951(2)- Critical Vulnerabilities In VMware Carbon Black App Control Server?
The advisory says both vulnerabilities affect VMware Carbon Black App Control Server versions 8.5.x, 8.6.x, 8.7.x, and 8.8.x. If you are running a CB App Control server with any of these versions, we highly recommend upgrading to the patched versions, 8.5.14, 8.6.6, 8.7.4, and 8.8.2.
Note:
These patches are only applicable to servers. Agents are not affected by these vulnerabilities.
No reboots are required upon applying the patch.
| Product | Vulnerable Version | OS Platform | Fixed Version | Build Number | Download Link | SHA256 Hash |
|---|---|---|---|---|---|---|
| AppC | 8.8.x | Windows | 8.8.2 | 8.8.2.192 Release Note | 8.8.2 Link | 6268bf2b48543d16dd7dbea0230e7a3dc64ada2b6b67b5baff4986de61e2ca37 |
| AppC | 8.7.x | Windows | 8.7.4 | 8.7.4.4 Release Note | 8.7.4 Link | 6874cf5c0b94f77ba1064134f63527dceac8510afd761f78ce0f0552c0939bb3 |
| AppC | 8.6.x | Windows | 8.6.6 | 8.6.6.4 Release Note | 8.6.6 Link | 8c223765a39d3362b7f0a8eed6cef650b2efc0208eccaa8dfc75936bc5ae1d4e |
| AppC | 8.5.x | Windows | 8.5.14 | 8.5.14.4 Release Note | 8.5.14 Link | 96b874fa2541a50b3e4c5c3c79acc07fb523ea2d97c8665f9509e3d2f32b8b9c |
How To Upgrade VMware Carbon Black App Control Serve?
Please refer to this VMware Carbon Black App Control
for more details.
We hope this post would help you know How to Fix CVE-2022-22951(2)- Critical Vulnerabilities in VMware Carbon Black App Control Server. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
- April 18, 2024
Learn Something New with Free Email subscription
Learn Something New with Free Email subscription
Subscribe
Subscribe
Subscribe
Subscribe
- April 18, 2024
