Critical Auth Bypass Bug Found in VMware Data Center Security Product (Security News, April 2021)
A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems.
Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company's cloud-computing virtualization platform.
"A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication," VMware said in its advisory, thereby allowing an adversary with network access to the interface to gain access to the administration API of the appliance.
In addition to releasing a fix for CVE-2021-21982, VMware has also addressed two separate bugs in its vRealize Operations Manager solution that an attacker with network access to the API could exploit to carry out server-side request forgery (SSRF) attacks, steal administrative credentials and write files to arbitrary locations on the underlying Photon OS operating system.
"The combination of two security flaws makes the situation even more dangerous, as it allows an unauthorized attacker to obtain control over the server and move laterally within the infrastructure."
VMware has released patches for vRealize Operations Manager versions 7.0.0, 7.5.0, 8.0.1, 8.1.1, 8.2.0 and 8.3.0.
News URL: http://feedproxy.google.com/~r/TheHackersNews/~3/XlxXgXJA31s/critical-auth-bypass-bug-found-in.html
Related news
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
- EDRSilencer red team tool used in attacks to bypass security
- Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
- VMware fixes bad patch for critical vCenter Server RCE flaw
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK (CVSS score) |
|---|---|---|---|
| 2021-04-01 | CVE-2021-21982 | Improper Authentication vulnerability in VMware Carbon Black Cloud Workload 1.0/1.0.1. VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. | 9.1 |