VMware has addressed a critical flaw in its Carbon Black App Control offering, which enterprises use to ensure that only trusted and approved software runs on crucial systems and endpoints, reports SecurityWeek.
Threat actors who have gained privileged App Control administration console access could leverage the vulnerability, tracked as CVE-2023-20858, "to use specially crafted input allowing access to the underlying server operating system," said VMware.
App Control versions 8.7.x, 8.8.x, and 8.9.x on Windows are impacted by the vulnerability, which was identified by security researcher Jari Jääskelä. Aside from the Carbon Black App Control flaw, VMware has also issued an advisory for a vRealize Orchestrator flaw enabling privilege escalation and information disclosure.
"A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges," said VMware.
Critical VMware Carbon Black App Control flaw addressed