CVE-2021-21982
published 2021-04-01

Priority: P2 · 60
Severity: critical, 9.1 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 1.36% (68.2th percentile)
VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.

Affected (1 range)

Vendor   Product                      Version range   Fixed in
vmware   carbon_black_cloud_workload  <= 1.0.1        not listed

Detection & IOCs (extracted from sources)

  • The vulnerability involves URL manipulation on the administrative interface of the VMware Carbon Black Cloud Workload appliance to bypass authentication and obtain a valid authentication token.
  • Monitor for unexpected or anomalous authentication token issuance from the VMware Carbon Black Cloud Workload appliance administrative interface, which may indicate exploitation of the authentication bypass.
  • Monitor for unauthorized changes to administrative configuration settings on the VMware Carbon Black Cloud Workload appliance, which may indicate post-exploitation activity following authentication bypass.
  • Only VMware Carbon Black Cloud Workload appliance versions 1.0.0 and 1.01 are confirmed affected by this authentication bypass vulnerability.

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     9.1    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd     v2.0     6.4    MEDIUM    AV:N/AC:L/Au:N/C:P/I:P/A:N