Table of Contents
VMware’s Carbon Black Cloud Workload appliance is supposed to secure your private cloud infrastructure and it does. It will continue to do so as long as you install the latest update, which contains a patch.
According to VMware, a specific URL can be manipulated to gain administrative control over the appliance by bypassing authentication. This would allow an array of attacks to be deployed, including remote code execution.
VMware urges users to update to the latest version as soon as possible. You can find more details regarding this vulnerability in the national vulnerability database (CVE-2021-21982).
Also, it’s a good idea to limit access to the local administrative tools to users that need it. The principle of least privilege can really work wonders here. For example, Sally from accounting doesn’t need admin rights to the database. From an administrative perspective, it’s always good to keep users on a need-to-elevate basis.
Unfortunately, this isn’t the first vulnerability VMware has announced. Three previous vulnerabilities were patched that would allow remote code execution in its vCenter Server management platform.