How to Fix CVE-2022-22951(2)- Critical Vulnerabilities in VMware Carbon Black App Control Server

VMware has issued an advisory for two critical vulnerabilities in the VMware Carbon Black App Control server. The vulnerabilities, tracked as CVE-2022-22951 and CVE-2022-22952, have a CVSS score of 9.1 and are rated critical. Attackers can leverage them to achieve remote code execution on vulnerable versions of VMware Carbon Black App Control Server, so they need to be fixed. This article shows how to fix CVE-2022-22951(2), Critical Vulnerabilities in VMware Carbon Black App Control Server.

VMware Carbon Black App Control

VMware Carbon Black App Control is an application designed to monitor and protect applications, harden systems against unwanted change, simplify the compliance process, and protect corporate systems by allowing only trusted and approved software to run on an organization’s critical systems. Some of its main features include:

  • Harden systems against unwanted change
  • Stop malware, ransomware, zero-day and non-malware attacks
  • Prevent unauthorized change with file-integrity monitoring, device control, and memory protection
  • Maintain continuous compliance for key frameworks
  • Monitor critical activity to assess risk
  • Secure EOL systems with powerful application control policies

List Of Vulnerabilities In VMware Carbon Black App Control Server

  1. CVE-2022-22951: An OS command injection vulnerability in VMware Carbon Black App Control server
  2. CVE-2022-22952: A File upload vulnerability in VMware Carbon Black App Control server

Summary Of CVE-2022-22951:

The flaw is an OS command injection vulnerability that allows an authenticated, highly privileged user to execute commands on the server due to improper input validation. The user needs network access to the App Control administration interface to achieve remote code execution. The vulnerability is rated critical, with a CVSS score of 9.1 out of 10 under the Common Vulnerability Scoring System.

Associated CVE ID: CVE-2022-22951
Description: An OS command injection vulnerability in VMware Carbon Black App Control server due to improper input validation.
Associated ZDI ID:
CVSS Score: 9.1 Critical
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Impact Score:
Exploitability Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilege Required (PR): High
User Interaction (UI): None
Scope: Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Summary Of CVE-2022-22952:

The flaw is a file upload vulnerability that allows a user with administrative access to the VMware App Control administration interface to execute code on the Windows machine hosting App Control. It can be abused simply by uploading a specially crafted file to a vulnerable version of the App Control server, resulting in remote code execution. The vulnerability is rated critical, with a CVSS score of 9.1 out of 10 under the Common Vulnerability Scoring System.

Associated CVE ID: CVE-2022-22952
Description: A file upload vulnerability in VMware Carbon Black App Control server, triggered by uploading a specially crafted file.
Associated ZDI ID:
CVSS Score: 9.1 Critical
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Impact Score:
Exploitability Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilege Required (PR): High
User Interaction (UI): None
Scope: Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): High

How To Fix CVE-2022-22951(2)- Critical Vulnerabilities In VMware Carbon Black App Control Server?

The advisory says both vulnerabilities affect VMware Carbon Black App Control Server versions 8.5.x, 8.6.x, 8.7.x, and 8.8.x. If you are running a CB App Control server with any of these versions, we highly recommend upgrading to the patched versions, 8.5.14, 8.6.6, 8.7.4, and 8.8.2. 

Note:

  1. These patches are only applicable to servers. Agents are not affected by these vulnerabilities.
  2. No reboots are required upon applying the patch. 
Product  Vulnerable Version  OS Platform  Fixed Version  Build Number  Download Link               SHA256 Hash
AppC     8.8.x               Windows      8.8.2          8.8.2.192     Release Note / 8.8.2 Link   6268bf2b48543d16dd7dbea0230e7a3dc64ada2b6b67b5baff4986de61e2ca37
AppC     8.7.x               Windows      8.7.4          8.7.4.4       Release Note / 8.7.4 Link   6874cf5c0b94f77ba1064134f63527dceac8510afd761f78ce0f0552c0939bb3
AppC     8.6.x               Windows      8.6.6          8.6.6.4       Release Note / 8.6.6 Link   8c223765a39d3362b7f0a8eed6cef650b2efc0208eccaa8dfc75936bc5ae1d4e
AppC     8.5.x               Windows      8.5.14         8.5.14.4      Release Note / 8.5.14 Link  96b874fa2541a50b3e4c5c3c79acc07fb523ea2d97c8665f9509e3d2f32b8b9c
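As an added example (not code from VMware or from this post), the Python script below decides whether an installed App Control server build still falls below the fixed release for its branch and verifies a downloaded patch installer against the SHA256 published in the table above. The branch-to-release mapping and the hashes are the page's values; the sample build number and any file path are assumptions.

```python
import hashlib
import re

# Fixed release and installer SHA256 per affected branch, copied from the advisory table above.
FIXED_RELEASES = {
    "8.5": ("8.5.14", "96b874fa2541a50b3e4c5c3c79acc07fb523ea2d97c8665f9509e3d2f32b8b9c"),
    "8.6": ("8.6.6", "8c223765a39d3362b7f0a8eed6cef650b2efc0208eccaa8dfc75936bc5ae1d4e"),
    "8.7": ("8.7.4", "6874cf5c0b94f77ba1064134f63527dceac8510afd761f78ce0f0552c0939bb3"),
    "8.8": ("8.8.2", "6268bf2b48543d16dd7dbea0230e7a3dc64ada2b6b67b5baff4986de61e2ca37"),
}

def parse_version(version: str) -> tuple:
    """Turn '8.7.4.4' into (8, 7, 4, 4) so builds compare numerically, not as strings."""
    if not re.fullmatch(r"\d+(\.\d+)+", version):
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(int(part) for part in version.split("."))

def assess(installed: str) -> dict:
    """Say whether an App Control server build still needs the CVE-2022-22951/22952 fix."""
    parts = parse_version(installed)
    branch = f"{parts[0]}.{parts[1]}"
    if branch not in FIXED_RELEASES:
        # Only 8.5.x through 8.8.x are listed as affected; other branches are out of scope here.
        return {"installed": installed, "affected_branch": False, "vulnerable": False, "fixed": None}
    fixed, _ = FIXED_RELEASES[branch]
    # A build below the fixed release on its own branch (e.g. 8.8.1 < 8.8.2) is still vulnerable.
    vulnerable = parts < parse_version(fixed)
    return {"installed": installed, "affected_branch": True, "vulnerable": vulnerable, "fixed": fixed}

def sha256_of_file(path: str) -> str:
    """Stream the installer through SHA256 so a large download need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_installer(path: str, expected_sha256: str) -> bool:
    """True only if the downloaded installer matches the published hash (hex compared case-insensitively)."""
    return sha256_of_file(path).lower() == expected_sha256.lower()

if __name__ == "__main__":
    print(assess("8.7.3"))  # constructed sample build: reports vulnerable=True, fixed='8.7.4'
```

Run `verify_installer("<downloaded installer path>", FIXED_RELEASES["8.7"][1])` against the file you fetched before launching it; a False result means the download should be discarded.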

How To Upgrade VMware Carbon Black App Control Server?

Please refer to this VMware Carbon Black App Control Server Installation Guide for more details.

We hope this post will help you know How to Fix CVE-2022-22951(2)- Critical Vulnerabilities in VMware Carbon Black App Control Server. Please share this post and help to secure the digital world. Visit our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional and Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, and Author at TheSecMaster. To know more about me, follow me on LinkedIn.
