{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-020.pdf"
    },
    "title": "Multiple Critical Vulnerabilities in VMware Carbon Black",
    "serial_number": "2022-020",
    "publish_date": "25-03-2022 12:23:00",
    "description": "On 23/03/2022, VMware published multiple critical vulnerabilities (\"CVE-2022-22951\", \"CVE-2022-22952\") in VMware products which allow remote code execution. These vulnerabilities may lead to gaining control over the targeted system. Both vulnerabilities are rated with a CVSSv3 base score of 9.1 out of 10.",
    "url_title": "2022-020",
    "content_markdown": "---\ntitle: 'Multiple Critical Vulnerabilities in\u00a0VMware\u00a0Carbon\u00a0Black'\nversion: '1.0'\nnumber: '2022-020'\ndate: 'March 25, 2022'\n---\n\n_History:_\n\n* _25/03/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn 23/03/2022, VMware published multiple critical vulnerabilities (`CVE-2022-22951`, `CVE-2022-22952`) [2, 3] in VMware products which allow remote code execution. These vulnerabilities may lead to gaining control over the targeted system. Both vulnerabilities are rated with a CVSSv3 base score of 9.1 out of 10. [1]\n\n\n# Technical Details\n\nVMware Carbon Black App Control (AppC) contains an OS command injection vulnerability (`CVE-2022-22951`) and a file upload vulnerability (`CVE-2022-22952`).\n\nAccording to VMware, `CVE-2022-22951` [2] is an OS command injection vulnerability which allows an **authenticated, highly privileged** malicious actor with network access to the VMware App Control administration interface to execute commands on the server due to improper input validation, leading to remote code execution.\n\nAdditionally, `CVE-2022-22952` [3] is a file upload vulnerability which allows a malicious actor with **administrative access** to the VMware App Control administration interface to execute code on the Windows instance where the AppC Server is installed by uploading a specially crafted file.\n\n\n# Affected Products\n\nBelow is the list of affected products running on Windows:\n\n- VMware Carbon Black App Control versions 8.8.x\n- VMware Carbon Black App Control versions 8.7.x\n- VMware Carbon Black App Control versions 8.6.x\n- VMware Carbon Black App Control versions 8.5.x\n\n\n# Recommendations and Workarounds\n\nCERT-EU recommends following the specific steps listed for each of the affected versions of the product to address the reported issues.\n\nPatches are available for each of the affected versions on the VMware website. [1]\n\nThere is no known workaround for the reported vulnerabilities.\n\n# References\n\n[1] <https://www.vmware.com/security/advisories/VMSA-2022-0008.html>\n\n[2] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22951>\n\n[3] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22952>\n\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>25/03/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On 23/03/2022, VMware published multiple critical vulnerabilities (<code>CVE-2022-22951</code>, <code>CVE-2022-22952</code>) [2, 3] in VMware products which allow remote code execution. These vulnerabilities may lead to gaining control over the targeted system. Both vulnerabilities are rated with a CVSSv3 base score of 9.1 out of 10. [1]</p><h2 id=\"technical-details\">Technical Details</h2><p>VMware Carbon Black App Control (AppC) contains an OS command injection vulnerability (<code>CVE-2022-22951</code>) and a file upload vulnerability (<code>CVE-2022-22952</code>).</p><p>According to VMware, <code>CVE-2022-22951</code> [2] is an OS command injection vulnerability which allows an <strong>authenticated, highly privileged</strong> malicious actor with network access to the VMware App Control administration interface to execute commands on the server due to improper input validation, leading to remote code execution.</p><p>Additionally, <code>CVE-2022-22952</code> [3] is a file upload vulnerability which allows a malicious actor with <strong>administrative access</strong> to the VMware App Control administration interface to execute code on the Windows instance where the AppC Server is installed by uploading a specially crafted file.</p><h2 id=\"affected-products\">Affected Products</h2><p>Below is the list of affected products running on Windows:</p><ul><li>VMware Carbon Black App Control versions 8.8.x</li><li>VMware Carbon Black App Control versions 8.7.x</li><li>VMware Carbon Black App Control versions 8.6.x</li><li>VMware Carbon Black App Control versions 8.5.x</li></ul><h2 id=\"recommendations-and-workarounds\">Recommendations and Workarounds</h2><p>CERT-EU recommends following the specific steps listed for each of the affected versions of the product to address the reported issues.</p><p>Patches are available for each of the affected versions on the VMware website. [1]</p><p>There is no known workaround for the reported vulnerabilities.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.vmware.com/security/advisories/VMSA-2022-0008.html\">https://www.vmware.com/security/advisories/VMSA-2022-0008.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22951\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22951</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22952\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22952</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}