Cybersecurity specialists report the discovery of at least two severe flaws in several VMware products. According to the report, successful exploitation of these flaws would allow attackers to escalate privileges and bypass security controls on the affected systems.

Below are brief descriptions of the reported flaws, together with their CVE identifiers and their scores under the Common Vulnerability Scoring System (CVSS).

CVE-2021-21999: The affected application does not enforce adequate security restrictions, which would allow an attacker to bypass those restrictions and escalate privileges.

The flaw received a CVSS score of 6.2/10, and its exploitation would allow an attacker to escalate privileges on the compromised system.

This vulnerability resides in the following products and versions:

VMware Tools: 10.0.0, 10.0.5, 10.0.6, 10.0.8, 10.0.9, 10.0.12, 10.1.0, 10.1.5, 10.1.7, 10.1.10, 10.1.15, 10.2.0, 10.2.1, 10.2.5, 10.3.0, 10.3.2, 10.3.5, 10.3.10, 10.3.20, 10.3.21, 10.3.22, 10.3.23, 11.0.0, 11.0.1, 11.0.5, 11.0.6, 11.1.0, 11.1.1, 11.1.5, 11.2.0, 11.2.1 & 11.2.5

VMRC: 12.0.0

VMware App Volumes: 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 2.10, 2.11, 2.12, 2.12.1, 2.13, 2.13.1, 2.13.2, 2.13.3, 2.14, 2.15, 2.16, 2.17, 2.18, 2.18.1, 2.18.2, 2.18.3, 2.18.4, 2.18.5, 2.18.6, 2.18.7, 2.18.8, 2.18.9 & 4.0.0.105.

CVE-2021-21998: An error in the processing of authentication requests would allow remote attackers to bypass the authentication process and gain unauthorized access to the compromised application.

This flaw received a CVSS score of 8.2/10. The report rates it as critical, although a score of 8.2 falls within the CVSS v3 "High" band (the "Critical" band starts at 9.0).

The flaw resides in the following product and versions: VMware Carbon Black App Control Server, versions before 8.5.8 and versions before 8.6.2.
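As an added example (not code from the original article or from VMware), the following script checks an asset inventory against the affected versions listed above. The product names and version lists are transcribed from the article; the inventory records are constructed sample data, and the hypothetical `find_affected` helper simply reports which records match. The phrase "before 8.5.8 and before 8.6.2" is read literally, so every release below 8.5.8 and every 8.6.x release below 8.6.2 is flagged; later branches are not named by the article and are left unflagged, which you should confirm against VMware's own advisory.

```python
"""Match inventory records against the affected versions named in the article.

Added example, not code from the article or from VMware. Version lists are
transcribed from the article; SAMPLE_INVENTORY is constructed test data.
"""
from __future__ import annotations

CARBON_BLACK = "VMware Carbon Black App Control Server"

# CVE-2021-21999: exact affected versions per product (transcribed from the article).
CVE_2021_21999_AFFECTED: dict[str, set[str]] = {
    "VMware Tools": {
        "10.0.0", "10.0.5", "10.0.6", "10.0.8", "10.0.9", "10.0.12",
        "10.1.0", "10.1.5", "10.1.7", "10.1.10", "10.1.15",
        "10.2.0", "10.2.1", "10.2.5",
        "10.3.0", "10.3.2", "10.3.5", "10.3.10", "10.3.20", "10.3.21",
        "10.3.22", "10.3.23",
        "11.0.0", "11.0.1", "11.0.5", "11.0.6",
        "11.1.0", "11.1.1", "11.1.5",
        "11.2.0", "11.2.1", "11.2.5",
    },
    "VMRC": {"12.0.0"},
    "VMware App Volumes": {
        "2.0", "2.1", "2.2", "2.3", "2.4", "2.5", "2.6", "2.7", "2.8", "2.9",
        "2.10", "2.11", "2.12", "2.12.1", "2.13", "2.13.1", "2.13.2", "2.13.3",
        "2.14", "2.15", "2.16", "2.17", "2.18", "2.18.1", "2.18.2", "2.18.3",
        "2.18.4", "2.18.5", "2.18.6", "2.18.7", "2.18.8", "2.18.9",
        "4.0.0.105",
    },
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '8.5.7' into (8, 5, 7) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def affected_by_21999(product: str, version: str) -> bool:
    """CVE-2021-21999 is given as an explicit list, so this is an exact match."""
    return version.strip() in CVE_2021_21999_AFFECTED.get(product, set())


def affected_by_21998(version: str) -> bool:
    """CVE-2021-21998: 'before 8.5.8 and before 8.6.2', read literally.

    Anything below 8.5.8 is flagged; 8.6.x below 8.6.2 is flagged; branches the
    article does not name (8.7 and later) are not flagged here.
    """
    v = parse_version(version)
    if v < (8, 5, 8):
        return True
    return (8, 6) <= v < (8, 6, 2)


def find_affected(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str, str]]:
    """Return (host, product, version, cve) for every inventory record that matches."""
    findings = []
    for host, product, version in inventory:
        if product == CARBON_BLACK and affected_by_21998(version):
            findings.append((host, product, version, "CVE-2021-21998"))
        elif affected_by_21999(product, version):
            findings.append((host, product, version, "CVE-2021-21999"))
    return findings


# Constructed sample inventory; these hosts do not exist.
SAMPLE_INVENTORY = [
    ("win-app-01", "VMware Tools", "11.2.5"),
    ("win-app-02", "VMware Tools", "11.3.0"),
    ("vdi-pool-a", "VMware App Volumes", "4.0.0.105"),
    ("ops-laptop-7", "VMRC", "12.0.0"),
    ("cb-appc-prod", CARBON_BLACK, "8.5.7"),
    ("cb-appc-lab", CARBON_BLACK, "8.6.2"),
]

if __name__ == "__main__":
    for host, product, version, cve in find_affected(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is affected by {cve}")
```

Numeric tuple comparison matters here: a plain string comparison would rank "8.5.10" below "8.5.8", which is exactly the kind of mistake that leaves a patched-but-misreported host flagged, or an unpatched one missed.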

While the authentication bypass could be exploited by remote threat actors (a privilege escalation, by its nature, requires an existing foothold on the affected system), no exploitation attempts have yet been reported in real-world scenarios. Security patches are now available, so VMware recommends that users of affected deployments apply them as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Critical vulnerabilities in VMware Carbon Black App Control Server. Patch now appeared first on Information Security Newspaper | Hacking News.
