VMware has released a security update to fix a vulnerability in the VMware Carbon Black Cloud Workload appliance. A remote attacker could exploit this vulnerability to take control of an affected system.
The security update released as CVE-2021-21982 was discovered on VMware Carbon Black Cloud Workload devices and has been warned as critical. A URL in the admin interface of the VMware Carbon Black Cloud Workload appliance can be changed to bypass authentication. VMware rated the severity of this issue with a maximum CVSSv3 base score of 9.1 in the Critical severity range. A malicious actor with network access to the management interface of the VMware Carbon Black Cloud Workload appliance can obtain a valid authentication token that provides access to the management API of the device. Successful exploitation of this issue will result in the attacker being able to view and change administrative configuration settings.
According to VMware, the SSRF vulnerability could allow an attacker with network access to the API to obtain administrative credentials. The second vulnerability allows an authenticated attacker to write files to arbitrary locations in the underlying Photon operating system.