Critical Auth Bypass Bug Found in VMware Data Centre Security Product

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. The flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1. Carbon Black Cloud Workload is a data centre security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company's cloud-computing virtualization platform. The VMware Carbon Black Cloud Workload platform is designed to provide cybersecurity defence for virtual servers and workloads that are hosted on the VMware’s vSphere platform. vSphere is VMware’s cloud-computing virtualization platform.

Affected CVE-2021-21982

How does the exploitation work?

  1. A malicious actor can then view and alter administrative configuration settings, the company added.
  2. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.
  3. URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication.
  4. A remote attacker could exploit this vulnerability to take control of an affected system.
  5. The security hole is only the latest critical problem that VMware has addressed.
  6. In February for instance, VMware patched three vulnerabilities in its virtual-machine infrastructure for data centers, including a remote code execution (RCE) flaw in its vCenter Server management platform.
  7. The vulnerability could allow attackers to breach the external perimeter of an enterprise data center or leverage backdoors already installed on a system, to find other vulnerable points of network entry to take over affected systems.

Remediations:

  1. Companies are urged to update to the latest version, version 0.2, of the VMware Carbon Black Cloud Workload appliance, which contains a fix.
  2. Users should also limit access to the local administrative interface of the appliance to only those that need it, VMware recommended.