Dirmann Technology Consultants

Vulnerability Discovered in VMware Carbon Black

Team:

Earlier today, VMware released an advisory for their Carbon Black product. It hits hard at a grueling 9.1 rating on CSSv3. It’s a remote code execution vulnerability, which is why it has been rated so high. If you’re making use of App Control versions 8.5.x to 8.8.x, you’re affected. The good news is that all you need to do is patch to remediate the issue! Each previously listed version has its respective patch to apply. The bad news is that all you can do it patch. That’s right, there’s no other workarounds provided by VMware…except to not use App Control (sad face). The other good news is that it appears that the threat actor would need administrative access to the App Control admin interface in order to exploit the vulnerability. So if you can’t, or don’t want to patch right now, take extra precautions to secure privileged access. You can check out the official advisory article here if you wish to read up on further details. Paul Dirmann, signing off (with a quickness because I’m on vacation but wanted to get this in front of the community for awareness 🙂 )

Thanks for reading. If you enjoyed the post make sure you check us out at dirmann.tech and follow us on LinkedInTwitterInstagram, and Facebook!

 

Share this article on social media:
Facebooktwitterredditpinterestlinkedinmail