SOCRadar® Cyber Intelligence Inc. | VMware Fixes Critical Vulnerability in Carbon Black App Control (CVE-2023-20858)


Feb 22, 2023
2 Mins Read

VMware Fixes Critical Vulnerability in Carbon Black App Control (CVE-2023-20858)

VMware has recently rolled out a patch to address a critical vulnerability in its Carbon Black App Control product, which could result in full access to the operating system. The VMware vulnerability is identified as CVE-2023-20858 and has a CVSS score of 9.1

The Carbon Black App Control product is used for application control and endpoint security; it enforces security policies for endpoints and controls which applications are allowed to run on them. 

The vulnerability, CVE-2023-20858, was reported by the security researcher Jari Jääskelä of HackerOne

Affected Carbon Black App Control Versions 

The following versions of VMware Carbon Black App Control, running on Microsoft Windows operating systems, are vulnerable to CVE-2023-20858: 

  • 8.7.x before 8.7.8 
  • 8.8.x before 8.8.6 
  • 8.9.x before 8.9.4 

How Does the CVE-2023-20858 Vulnerability Affect? 

The CVE-2023-20858 vulnerability could allow an attacker with privileged access to the VMware product’s administration console to launch injection exploits with specially crafted input. Successful exploitation of the vulnerability could lead to the underlying server operating system being fully compromised. 

Security researchers advised applying the patches to avoid exploitation. See the official VMware advisory for the Carbon Black App Control vulnerability here

VMware Fixes Additional Vulnerabilities 

Another advisory by VMware includes a high-severity vulnerability in its vRealize Orchestrator, vRealize Automation, and Cloud Foundation products. It is an XML External Entity (XXE) vulnerability tracked as CVE-2023-20855, with a CVSS score of 8.8

CVE-2023-20855 could allow an attacker to escalate privilege or access sensitive information by bypassing XML parsing restrictions and does not require administrative access. An attacker can use crafted input to exploit the vulnerability. 

Find Details on SOCRadar 

SOCRadar tracks all vulnerability statuses and updates so that you can easily access them on the platform. The Vulnerability Intelligence tab displays the most recent vulnerability trends among threat actors and weekly vulnerabilities. It also allows you to search through many vulnerabilities to find detailed information. The platform also sends alerts if any vulnerabilities are discovered in your assets, allowing you to better manage your security posture.

Improve your security with SOCRadar Vulnerability Intelligence