VMware has patched a Critical authentication vulnerability in VMware Carbon Black App Control (AppC). The tech giant also issued a security advisory for a High risk vulnerability in VMware Tools, VMware Remote Console for Windows (VMRC) and VMware App Volumes products.
An attacker could exploit one of these vulnerabilities and take control of an unpatched system.
CVE-2021-21998
For the first issue, VMware Carbon Black AppC management server has an authentication bypass vulnerability CVE-2021-21998.
“A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate,” VMware stated in the advisory (VMSA-2021-0012).
The vulnerability is rated Critical severity and has a CVSSv3 base score of 9.4. Affected products include AppC versions 8.1.x, 8.0.x, 8.5.x and 8.6.x.
CVE-2021-21999
For the second issue, a local privilege escalation vulnerability CVE-2021-21999 exists in VMware Tools for Windows, VMRC for Windows and VMware App Volumes.
“An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf’ in an unrestricted directory which would allow code to be executed with elevated privileges,” VMware stated in the advisory (VMSA-2021-0013).
The vulnerability is rated High severity and has a CVSSv3 base score of 7.8. Affected products include VMware Tools (11.x.y, but not 11.3.0 and 10.x.y versions), VMRC for Windows (12.x versions), and App Volumes (2.x and 4.0 versions).
Administrators should patch affected systems as soon as possible.
On a related note, security researchers recently spotted thousands of vulnerable unpatched VMware vCenter servers exposed on the internet, as we posted last week. Multiple proof-of-concepts (PoCs) had been previously posted online for exploits against a remote code execution (RCE) vulnerability CVE-2021-21985.