CVE-2021-21982
Published: 2021-04-01
Priority: P2 (60) · Severity: critical · CVSS 3.1 base score: 9.1
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 1.36% (68.2th percentile)
VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | carbon_black_cloud_workload | <= 1.0.1 | — |
Detection & IOCs (extracted from sources)
- The vulnerability involves URL manipulation on the administrative interface of the VMware Carbon Black Cloud Workload appliance to bypass authentication and obtain a valid authentication token.
- Monitor for authentication tokens being issued by the appliance's administrative interface to clients that did not first complete a successful login; token issuance without a matching login is the signal that the bypass is being exploited.
- Monitor for unauthorized changes to administrative configuration settings on the appliance; such changes are the expected post-exploitation activity once an attacker holds a token obtained through the bypass.
- Only VMware Carbon Black Cloud Workload appliance versions 1.0.0 and 1.01 are confirmed affected by this authentication bypass vulnerability.
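The two monitoring items above, worked as a detection over log lines, as an added example that is not part of this page and not VMware's own tooling. It assumes a generic "timestamp ip method path status" access-log format and the hypothetical endpoint names /api/login, /api/token and /api/settings; the appliance's real log format and the affected URL are not published in the advisory, so these names are placeholders and the sample lines are constructed. The logic is the part that carries over: a token issued to a client with no prior successful login, and any configuration mutation by such a client, are flagged.

```python
import re
from typing import Iterator, List, Set, Tuple

# Assumed generic "timestamp ip method path status" format; the appliance's
# actual log format is not on the page.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Hypothetical endpoint names chosen only to show the correlation logic;
# replace them with the appliance's real login, token and settings paths.
LOGIN_PATH = "/api/login"
TOKEN_PATH = "/api/token"
CONFIG_PREFIX = "/api/settings"
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

TOKEN_WITHOUT_LOGIN = "token issued without a prior successful login"
CONFIG_CHANGE_BY_SUSPECT = "configuration change by a client that obtained a token without logging in"

# Constructed sample lines (not real appliance output). 10.0.0.5 is a normal
# admin session; 203.0.113.7 gets a token with no login at all and then edits
# settings; 198.51.100.9 fails its login (401) yet still receives a token.
SAMPLE_LOG = """\
2021-04-01T10:00:01Z 10.0.0.5 POST /api/login 200
2021-04-01T10:00:02Z 10.0.0.5 GET /api/token 200
2021-04-01T10:00:03Z 10.0.0.5 PUT /api/settings/proxy 200
2021-04-01T10:05:00Z 203.0.113.7 GET /api/token 200
2021-04-01T10:05:01Z 203.0.113.7 PUT /api/settings/proxy 200
2021-04-01T10:06:00Z 198.51.100.9 POST /api/login 401
2021-04-01T10:06:01Z 198.51.100.9 GET /api/token 200
"""


def parse_log(text: str) -> Iterator[dict]:
    """Yield one event dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["status"] = int(ev["status"])
            yield ev


def find_suspicious(text: str) -> List[Tuple[str, str]]:
    """Return (source_ip, reason) findings in log order.

    Rule 1: a 200 on TOKEN_PATH for a source that has no earlier 200 on
            LOGIN_PATH is a token issued without authentication.
    Rule 2: a mutating request under CONFIG_PREFIX from a source already
            flagged by rule 1 is post-bypass configuration tampering.
    """
    authenticated: Set[str] = set()
    suspects: Set[str] = set()
    findings: List[Tuple[str, str]] = []
    for ev in parse_log(text):
        ip, method, path, status = ev["ip"], ev["method"], ev["path"], ev["status"]
        if path == LOGIN_PATH and status == 200:
            authenticated.add(ip)
        elif path == TOKEN_PATH and status == 200 and ip not in authenticated:
            suspects.add(ip)
            findings.append((ip, TOKEN_WITHOUT_LOGIN))
        elif path.startswith(CONFIG_PREFIX) and method in MUTATING_METHODS and ip in suspects:
            findings.append((ip, CONFIG_CHANGE_BY_SUSPECT))
    return findings


if __name__ == "__main__":
    for ip, reason in find_suspicious(SAMPLE_LOG):
        print(f"{ip}: {reason}")
```

Correlating by source IP is deliberately coarse: behind a NAT or load balancer one legitimate login would mask a bypass from the same address, so on a real appliance key the correlation on whatever client identifier the logs carry (session id, client certificate, forwarded-for header) and treat every token issuance with no matching login as an alert rather than a heuristic. Configuration changes should also be reviewed independently of the bypass signal, since the advisory's stated impact is exactly that an attacker can view and alter administrative settings.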
CVSS provenance
NVD · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
NVD · v2.0 · 6.4 MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N
VMware
VMSA-2021-0005: VMware Carbon Black Cloud Workload appliance update addresses incorrect URL handling vulnerability (CVE-2021-21982)
vendor_vmware · 2021-04-01 · CVSS 9.1 · CRITICAL
A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.
CVEs: CVE-2021-21982
Affected products: VMware Carbon Black
GHSA
GHSA-8rmv-qvj2-587v: VMware Carbon Black Cloud Workload appliance 1
ghsa_unreviewed · 2022-05-24 · CVE-2021-21982 · CRITICAL · CWE-287
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-04-01 · Published