Table of Contents
  • Home
    • /
  • Blog
    • /
  • How to Fix CVE-2023-20858- An Injection Vulnerability in VMware Carbon Black App Control Server?
Arun KL
February 24, 2023
|
4m

How to Fix CVE-2023-20858- An Injection Vulnerability in VMware Carbon Black App Control Server?

Vulnerabilities

How To Fix Cve 2023 20858 An Injection Vulnerability In Vmware Carbon Black App Control Server

VMware issued an advisory against a critical vulnerability in the VMware Carbon Black App Control server. The vulnerability tracked as CVE-2023-20858 has a CVSS score of 9.1 on the scale and is considered critical. according to the security researcher Jari Jääskelä, who disclosed this flaw and also disclosed two more vulnerabilities in March 2022 (CVE-2022-22951 and CVE-2022-22952, CVSS scores: 9.1), an attacker with privilege access can leverage this vulnerability access the underlying server operating system on the vulnerable versions of VMware Carbon Black App Control Server. Those who own the Carbon Black App Control Server should need to consider this vulnerability on a serious note and take measures against it. This article will show you how to fix CVE-2023-20858, a critical Injection Vulnerability in VMware Carbon Black App Control Server.

VMware Carbon Black App Control

VMware Carbon Black App Control is an application that is designed to monitor and protect various applications, harden systems against unwanted change, simplify the compliance process, and provide protection for corporate systems by letting them run only trusted and approved software on an organization’s critical systems. Some of its main features include:

  • Harden systems against unwanted change

  • Stop malware, ransomware, zero-day and non-malware attacks

  • Prevent unauthorized change with file-integrity monitoring, device control, and memory protection

  • Maintain continuous compliance for key frameworks

  • Monitor critical activity to assess risk

  •  Secure EOL systems with powerful application control policies

Summary Of CVE-2023-20858:

The flaw is an OS command injection vulnerability that allows an authenticated, privileged user to access the underlying server operating system due to improper input validation. The user should have access to the App Control administration interface over the network to perform remote code execution. The vulnerability is considered critical since it has a CVSS score of 9.1 out of 10 according to the Common Vulnerability Scoring System. Any user with privileges o the App Control administration console could exploit the vulnerability by sending specially crafted HTTP requests.

Associated CVE IDCVE-2023-20858
DescriptionAn OS command injection vulnerability in VMware Carbon Black App Control server due to improper input validation.
Associated ZDI ID
CVSS Score9.1 Critical
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)High
User Interaction (UI)None
ScopeChanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

How to Fix CVE-2023-20858- An Injection Vulnerability in VMware Carbon Black App Control Server?

The advisory says the vulnerability affects VMware Carbon Black App Control Server versions 8.7.x, 8.8.x, and 8.9.x. If you are running a Carbon Black App Control server with any of these versions, we highly recommend upgrading to the patched versions, 8.7.8, 8.8.6, and 8.9.4

Note:

  1. These patches are only applicable to servers. Agents are not affected by these vulnerabilities.

  2. No reboots are required upon applying the patch. 

ProductVulnerable VersionOS PlatformFixed VersionRelease NotesBuild Number with Download LinkSHA256 Hash
8.9.xWindows8.9.48.9.4 Release Notes.8.9.4 Server Download Link225ffa912cd38b3ec75401df010f8086705a00eba046926f626b6111accb7d2a
AppC8.8.xWindows8.8.68.8.6 Release Notes8.8.6.2 Server Download Link40b3605bde4d17918c0382567d5dbf8a40479c1f1482201e959d25c88338c24c
AppC8.7.xWindows8.7.88.7.8 Release Notes8.7.8.3 Server Download Link6c544eb1262bc343436e36b3481e7bae54a4cb0772b6f4c78dfe8f078b848499

How To Upgrade VMware Carbon Black App Control Serve?

Please refer to this VMware Carbon Black App Control

for more details.

We hope this post would help you know how to fix CVE-2023-20858, a critical Injection Vulnerability in VMware Carbon Black App Control Server. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblrMedium & Instagram, and subscribe to receive updates like this. 

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Books

Books

Videos

Videos

Courses

Courses

Certifications

Certifications

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Cyber Security - Books

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe