VMware Carbon Black Cloud WorkloadÉí·ÝÑéÖ¤Èƹý·ì϶£¨CVE-2021-21982£©

°ä²¼¹¦·ò 2021-04-02

0x00 ·ì϶¸ÅÊö

CVE  ID

CVE-2021-21982

ʱ   ¼ä

2021-04-02

Àà   ÐÍ

 Éí·ÝÑéÖ¤Èƹý

µÈ   ¼¶

ÑϳÁ

Ô¶³ÌÀûÓÃ

ÊÇ

Ó°ÏìÁìÓò

VMware Carbon Black   Cloud Workload appliance <=  1.0.1

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ


 

0x01 ·ì϶ÏêÇé

image.png

 

VMware Carbon Black CloudÊÇÒ»¸öÔÆÔ­Éú¶ËµãºÍ¹¤×÷¸ºÔر£»¤Æ½Ì¨£¨EPPºÍCWP£©£¬¿ÉÓÐЧ×èÖ¹ÐÂÐËÍþв¡£Carbon Black Cloud Workloadͨ¹ý½«ÈõµãÆÀ¹À¡¢¹¤×÷¸ºÔؼӹÌÓëÒµ½çµ±ÏȵÄÐÂÒ»´ú·À²¡¶¾£¨NGAV£©¡¢¹¤×÷¸ºÔØÐÐΪ¼à²âÒÔ¼°¶Ëµã¼ì²âºÍÏìÓ¦£¨EDR£©Ö°ÄÜÏà½áºÏ£¬ÎªÔËÐÐÔÚÕâЩ»·¾³ÖеŤ×÷¸ºÔØÌṩ±£»¤¡£

2021Äê04ÔÂ01ÈÕ£¬VMware¹Ù·½°ä²¼°²È«²¼¸æ£¬¹«¿ªÁËVMware Carbon Black Cloud WorkloadÖеÄÒ»¸öÉí·ÝÑéÖ¤Èƹý·ì϶£¨CVE-2021-21982£©£¬¸Ã·ì϶µÄCVSSv3¸ù»ùµÃ·ÖΪ9.1¡£

¹¥»÷Õß¿ÉÄÜͨ¹ýÀûÓô˷ì϶»ñÈ¡VMware Carbon Black Cloud WorkloadÉ豸µÄÖÎÀí½çÃæ½Ó¼ûȨÏÞ£¨ºÃ±Èͨ¹ý°Ñ³ÖÖÎÀí½çÃæURL)£¬ÒÔ»ñÈ¡ÓÐЧµÄÉí·ÝÑéÖ¤ÁîÅÆ£¬´Ó¶ø»ñµÃ¶ÔÉ豸ÖÎÀíAPIµÄ½Ó¼ûȨÏÞ¡£³É¹¦ÀûÓô˷ì϶µÄ¹¥»÷Õß×îÖÕÄܹ»²é¿´ºÍ¸ü¸ÄÖÎÀíÅäÖÃÉèÖã¬ÇҸ÷ì϶ÎÞÐèÉí·ÝÑéÖ¤»òÓû§½»»¥¼´¿ÉÀûÓá£

 

0x02 ´ëÖý¨Òé

Ä¿Ç°¸Ã·ì϶ÒѾ­½¨¸´£¬½¨ÒéʵʱÉý¼¶ÖÁVMware Carbon Black Cloud Workload appliance 1.0.2°æ±¾¡£

ÏÂÔØÁ´½Ó£º

https://docs.vmware.com/en/VMware-Carbon-Black-Cloud-Workload/1.0/rn/cbc-workload-102-release-notes.html

 


0x03 ²Î¿¼Á´½Ó

https://www.vmware.com/security/advisories/VMSA-2021-0005.html

https://www.bleepingcomputer.com/news/security/vmware-fixes-authentication-bypass-in-data-center-security-software/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21982

 


0x04 ¹¦·òÏß

2021-04-01  VMware°ä²¼°²È«²¼¸æ

2021-04-02  VSRC°ä²¼°²È«¹«¸æ

 


0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

image.png