VMware Releases Security Updates for Carbon Black App Control - 20230227005

Overview

VMware has released security updates to patch a vulnerability in Carbon Black App Control that could allow an attacker to take control of an affected system.

What is the vulnerability?

CVE-2023-20858 - CVSS v3 Base Score: 9.1

A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input to gain access to the underlying server operating system.

What is vulnerable?

The vulnerability affects the following products:

  • VMware Carbon Black App Control
      • 8.7.x prior to 8.7.8
      • 8.8.x prior to 8.8.6
      • 8.9.x prior to 8.9.4

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices: Advisory ID: VMSA-2023-0004
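
To triage an inventory against the version ranges listed under "What is vulnerable?", the following is an added example, not code from VMware or the WA SOC. It assumes server versions are recorded as dotted numeric strings; the hostnames and versions in the sample are constructed.

```python
import re

# First fixed release per affected branch, taken from the advisory text above.
FIXED = {(8, 7): (8, 7, 8), (8, 8): (8, 8, 6), (8, 9): (8, 9, 4)}


def parse_version(text):
    """Return the numeric components of a dotted version string as a tuple."""
    match = re.fullmatch(r"\s*v?(\d+(?:\.\d+)+)\s*", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def classify(version_text):
    """Return 'affected', 'fixed' or 'not-listed' for one App Control version."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch is not named on this page; consult VMSA-2023-0004 directly.
        return "not-listed"
    # Compare major.minor.patch as integers (so 8.9.10 sorts after 8.9.4);
    # any trailing build number is ignored.
    padded = (version + (0,))[:3]
    return "affected" if padded < fixed else "fixed"


def triage(inventory):
    """Map hostname -> status; unparseable versions go to manual review."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = classify(version_text)
        except ValueError:
            result[host] = "manual-review"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "appctl-01": "8.7.7",
    "appctl-02": "8.8.6.1048",
    "appctl-03": "8.9.10",
    "appctl-04": "8.6.2",
    "appctl-05": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "not-listed" or "manual-review" are outside what this page states and need checking against the vendor advisory.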