WCB#9-Critical injection vulnerability found in Carbon Black App Control


Weekly Recap

From a U.S. military data leak to fake air strike warnings in Russia, this week in Cyber ran the gamut of interesting stories. Some of these stories include:

  • Sensitive US military emails spill online - A server that was part of an internal mailbox system had been misconfigured with no password, leaving terabytes of internal government emails open to anyone on the internet. The exposure was found by security researcher Anurag Sen. More on this story can be found in the TechCrunch article listed under Resources.

  • Fake air strike warnings caused by hackers in Russia - According to the Russian government, fake air raid warnings were broadcast on radio stations across the nation due to hackers. This comes on the heels of another attack by hackers targeting two Russian media sites during President Putin's speech. The Russian government has assumed the attack is of Ukrainian origin. More on this story can be found in The Record article listed under Resources.

  • Activision holding out on notifying employees of a data breach - Activision, a powerhouse in the gaming industry responsible for blockbuster games such as Call of Duty, was the victim of a phishing attack on December 4, 2022. One of its employees fell prey to the attack, which let the hackers gain access to some internal information regarding employee data and game data. Unfortunately, the gaming giant did not alert the relevant parties promptly and only disclosed the event last weekend. The company may face repercussions for not informing them, because of data breach notification laws. More on this story can be found in the TechCrunch article listed under Resources.

For this week's main story, I chose to focus on the critical injection vulnerability (CVE-2023-20858, VMware advisory VMSA-2023-0005) found in several versions of VMware's Carbon Black App Control for Windows.

Background

What is VMware? VMware is a software company specializing in virtualization and cloud computing. Its software lets organizations run virtual machines (software-defined versions of physical computers), containers (packages that bundle an application with everything it needs to run) and Kubernetes (which automates the deployment and management of containers).

What is Carbon Black App Control?

VMware Carbon Black is a suite of endpoint security products. App Control is its application-control component: it hardens an organization's servers and endpoints through file integrity monitoring and an allow-list model under which only trusted, approved software is permitted to run on critical systems. Ultimately, Carbon Black App Control helps companies stay in continuous compliance with regulatory mandates and keeps their servers and critical systems protected.

What are injection flaws?

According to BleepingComputer, "Injection flaws allow attackers to execute commands or code in the target app. They can lead to complete compromise of backend systems and all clients that connect to the vulnerable application." In this case, VMware's advisory (VMSA-2023-0005) describes the flaw as allowing a malicious actor who already has privileged access to the App Control administration console to use specially crafted input to gain access to the underlying server operating system. In other words, the injection turns access to the management console into code execution on the server that decides which software is allowed to run across an organization's critical systems. Needless to say, that would be bad news for a company, since that server and the administrator accounts on it have a very high degree of access.
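The advisory does not publish the crafted input, so the following is an added, generic illustration of the injection class described above, written for this page; it is not code from VMware Carbon Black App Control and does not model the reported flaw. It uses a hypothetical "run a diagnostic against a host" feature of the kind an administration console might expose: the function and constant names (`run_diag_vulnerable`, `run_diag_no_shell`, `run_diag_hardened`, `TOOL`, `MALICIOUS_HOST`) and the sample payload are assumptions for the example, and `echo` stands in for a real network tool so the code runs offline on a POSIX shell with no side effects.

```python
"""Command injection in a web admin console: vulnerable vs. hardened.

Added illustration, NOT code from VMware Carbon Black App Control and not a
model of its actual flaw. A hypothetical console feature runs a diagnostic
tool against an admin-supplied host; `echo` stands in for the real tool so the
example is side-effect free. Assumes a POSIX shell (/bin/sh) and /bin/echo.
"""
import re
import subprocess

TOOL = "echo"  # hypothetical diagnostic tool; echo keeps the example harmless

# Constructed attacker input: a plausible host, then a shell metacharacter and a
# second command. A real payload would run something other than echo.
MALICIOUS_HOST = "10.0.0.5; echo INJECTED"


def run_diag_vulnerable(host: str) -> str:
    """Flaw: untrusted input is concatenated into a string that a shell parses.

    The ';' terminates the first command and the shell runs 'echo INJECTED' as
    a second one, so the attacker's text is executed instead of treated as data.
    """
    cmd = f"{TOOL} {host}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def run_diag_no_shell(host: str) -> str:
    """First fix: pass an argv list and never invoke a shell.

    The whole string reaches the tool as a single argument; metacharacters in it
    have no meaning because no shell ever sees them.
    """
    result = subprocess.run([TOOL, host], capture_output=True, text=True)
    return result.stdout


# Allow-list for a hostname or IPv4 literal: letters, digits, dots, hyphens,
# bounded length. Anything else (spaces, ';', '|', '&', quotes) is rejected.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def validate_host(host: str) -> str:
    """Second fix (defence in depth): reject input outside the allow-list."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return host


def run_diag_hardened(host: str) -> str:
    """Hardened form: validated input AND no shell."""
    return run_diag_no_shell(validate_host(host))


def hardened_rejects(host: str) -> bool:
    """True when the hardened path refuses to run the diagnostic at all."""
    try:
        run_diag_hardened(host)
    except ValueError:
        return True
    return False


def command_count(stdout: str) -> int:
    """How many commands actually ran, inferred from output lines of echo."""
    return len(stdout.splitlines())


if __name__ == "__main__":
    print("vulnerable (shell=True):", repr(run_diag_vulnerable(MALICIOUS_HOST)))
    print("argv list, no shell:    ", repr(run_diag_no_shell(MALICIOUS_HOST)))
    print("hardened rejects payload:", hardened_rejects(MALICIOUS_HOST))
    print("hardened, benign host:  ", repr(run_diag_hardened("10.0.0.5")))
```

Run it and the vulnerable path prints two lines (the shell executed two commands), the argv-list path prints the payload back as one literal argument, and the hardened path refuses the payload before anything runs. The argv-list form is the fix that actually removes the bug; the allow-list is defence in depth that also protects against tools which interpret their own arguments.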

Why I found this story interesting

Given what Carbon Black App Control does, an attacker who could exploit this injection vulnerability would gain a foothold on the very server that enforces which software is allowed to run on an organization's critical systems, and could go on to expose data belonging to that organization and its clients. What's also interesting to me is that, if not for security analyst and bug bounty hunter Jari Jääskelä, VMware might not have been aware of this vulnerability. With a CVSS (Common Vulnerability Scoring System) v3 base score of 9.1 out of 10, one can assume that VMware rewarded Jari handsomely for reporting this bug.

Possible Implications

  • Loss of revenue

  • Loss of trust

  • Sensitive data exposure

Possible Solutions

  • VMware's advisory lists a fixed release for each affected branch of App Control for Windows: 8.7.8, 8.8.6 and 8.9.4. Organizations running an earlier 8.7.x, 8.8.x or 8.9.x release should update to the fixed version for their branch. More on this can be found in VMSA-2023-0005, listed under Resources.

Conclusion

No damage has been reported in this story, thanks to bug bounty hunter Jari Jääskelä reporting this critical vulnerability to VMware. The cost had the vulnerability been exploited first, however, could have been high. Moving forward, VMware has advised customers to update App Control to the fixed versions listed in its advisory.

Resources

Toulas, B. (2023, February 22). VMware warns admins of critical Carbon Black App Control flaw. BleepingComputer. Retrieved February 26, 2023, from https://www.bleepingcomputer.com/news/security/vmware-warns-admins-of-critical-carbon-black-app-control-flaw/

Russia blames hackers as commercial radio stations broadcast fake air strike warnings. The Record from Recorded Future News. (2023, February 22). Retrieved February 26, 2023, from https://therecord.media/russia-radio-hackers-fake-air-raid-missile-strike-warnings/

Whittaker, Z. (2023, February 21). Sensitive US military emails spill online. TechCrunch. Retrieved February 26, 2023, from https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/

Franceschi-Bicchierai, L. (2023, February 21). Activision did not notify employees of data breach for months. TechCrunch. Retrieved February 26, 2023, from https://techcrunch.com/2023/02/21/activision-did-not-notify-employees-of-data-breach-for-months/

VMSA-2023-0005. VMware. (2023, February 21). Retrieved February 26, 2023, from https://www.vmware.com/security/advisories/VMSA-2023-0005.html

Venkat, A., & Ross, R. (n.d.). VMware acquiring Carbon Black to boost security portfolio. Bank Information Security. Retrieved February 26, 2023, from https://www.bankinfosecurity.com/vmware-acquiring-carbon-black-to-boost-security-portfolio-a-12949