-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1131
  VMSA-2021-0005 VMware Carbon Black Cloud Workload appliance incorrect URL
                         handling vulnerability
                               6 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Carbon Black Cloud Workload appliance
Publisher:         VMware
Operating System:  Linux variants
Impact/Access:     Administrator Compromise -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21982

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2021-0005.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Advisory ID:  VMSA-2021-0005
CVSSv3 Range: 9.1
Issue Date:   2021-04-01
Updated On:   2021-04-01 (Initial Advisory)
CVE(s):       CVE-2021-21982
Synopsis:     VMware Carbon Black Cloud Workload appliance update addresses
              incorrect URL handling vulnerability (CVE-2021-21982)

1. Impacted Products

   o VMware Carbon Black Cloud Workload appliance.

2. Introduction

A vulnerability in the VMware Carbon Black Cloud Workload appliance was
privately reported to VMware. An update is available to remediate this
vulnerability in the affected versions of the appliance.

3. Advisory Details

Description

A URL on the administrative interface of the VMware Carbon Black Cloud
Workload appliance can be manipulated to bypass authentication. VMware has
evaluated the severity of this issue to be in the Critical severity range
with a maximum CVSSv3 base score of 9.1.

Known Attack Vectors

A malicious actor with network access to the administrative interface of the
VMware Carbon Black Cloud Workload appliance may be able to obtain a valid
authentication token, granting access to the administration API of the
appliance. Successful exploitation of this issue would allow the attacker to
view and alter administrative configuration settings.

Resolution

To remediate CVE-2021-21982 apply the updates listed in the 'Fixed Version'
column of the 'Response Matrix' below to affected deployments.

Workarounds

None.

Mitigation

VMware best practices recommend implementing network controls to limit
access to the local administrative interface of the appliance. Unrestricted
network access to this interface is not required for the regular operation
of the product. Because no workaround exists and the issue is exploitable
without authentication, restricting the interface to a management network
is the only protection available until the fixed version is deployed.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Egor Dimitrenko of Positive Technologies for
reporting this issue to us.

Response Matrix

Product:                  VMware Carbon Black Cloud Workload appliance
Version:                  1.0.1 and prior
Running On:               Linux
CVE Identifier:           CVE-2021-21982
CVSSv3:                   9.1
Severity:                 critical
Fixed Version:            1.0.2
Workarounds:              None
Additional Documentation: None

4. References

Fixed Version(s) and/or Release Notes
https://docs.vmware.com/en/VMware-Carbon-Black-Cloud-Workload/1.0/rn/cbc-workload-102-release-notes.html

Mitre CVE Dictionary Links
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21982

FIRST CVSSv3 Calculator
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

5. Change Log

2021-04-01 VMSA-2021-0005 Initial security advisory.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYGu+HeNLKJtyKPYoAQiHURAAsFpZLsW0HFYDOqhdiFzLSIHmAZdvulN/
CHsdPzWerG+7/ydKjJM+XiM5ZjAhW/A2rX4iDKqWcXp43A3u2HPn+DwcVoRGcOg/
PtajDFcdj4DcqxH0g09E9bSFKhpo2SJLDsju3ogvgyESAKj9mhhtlcnEpYo+D6x/
kNoxdROzGpk3O++tJGZ1gVpvLe/Craxqsnh2lJuvj660rNOYGVfdT2qfMIOvYdhq
eZ/A2pXpka3SP+YteJ/9fWVHkCQqIZTeDXZEKNnCppF34T+Cy3zYk9utkt04HckT
qztYHRyBkZCHTLyLtMIXfBs+aR8l1MeAH74hJou38AHwkFMtYq8RBM7IiQaZsPhI
8hYZOSWqvGDf/HPsErGA7XiwitJhnNAcNOdJDc21EsqfRJc6wCxbvtDzgoPc+Syd
LG1VYrun8+vsEgHwXPIr/xEq9ytkomcL+qJOxMSOMx1BwPLkLKu5OtVFWuQdE6dn
ui1HcKVEoxJuv9jIsvZ0j9V2iyNOmNKoELmZPYuSjssdIQeWhRo3XtkSx+G4TIjp
foywl53wGZogsNno1simk61cmlZ/W+jcvsnwoPUoWarvyL76uDFXwgWjn4uZ7BoG
AFaXVPvKExbbs+Cj6PQmi3lnXAJoJ2uj14O758BkZ7JpICbricIRWa2hoC29WaiL
VfHtlDBCmeg=
=k2DY
-----END PGP SIGNATURE-----