Threat Advisories

VMware patches 2 Critical Vulnerabilities in Carbon Black App Control, VMWare Tools and VMWare Remote Console

June 24, 2021

THREAT LEVEL: Amber.

For a detailed advisory, download the pdf file here.

VMware has patched an authentication bypass vulnerability(CVE-2021-21998) in the carbon black app control management server. Apart from this vulnerability VMware also patched a privilege escalation vulnerability(CVE-2021-21999) which was affected the VMware Tools for Windows, VMware Remote Console for Windows.

Vulnerability Details

Patch Links

https://www.vmware.com/security/advisories/VMSA-2021-0012.html

https://www.vmware.com/security/advisories/VMSA-2021-0013.html

References

https://us-cert.cisa.gov/ncas/current-activity/2021/06/23/vmware-releases-security-updates

https://www.bleepingcomputer.com/news/security/vmware-fixes-authentication-bypass-in-carbon-black-app-control/

Cybersecurity Startup Hive Pro Secures $3 Million in Seed Funding

REvil Ransomware gang behind the Kaseya VSA Supply-Chain attack