VMware Carbon Black Cloud WorkloadÉí·ÝÑéÖ¤ÈƹýÎó²î£¨CVE-2021-21982£©

Ðû²¼Ê±¼ä 2021-04-02

0x00 Îó²î¸ÅÊö

CVE  ID

CVE-2021-21982

ʱ   ¼ä

2021-04-02

Àà   ÐÍ

 Éí·ÝÑéÖ¤Èƹý

µÈ   ¼¶

ÑÏÖØ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£

VMware Carbon Black   Cloud Workload appliance <=  1.0.1

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ


 

0x01 Îó²îÏêÇé

image.png

 

VMware Carbon Black CloudÊÇÒ»¸öÔÆÔ­Éú¶ËµãºÍÊÂÇ鸺Ôر£»£»£»£»£»¤Æ½Ì¨£¨EPPºÍCWP£©£¬£¬£¬£¬£¬£¬¿ÉÓÐÓÃ×èÖ¹ÐÂÐËÍþв¡£¡£¡£¡£Carbon Black Cloud Workloadͨ¹ý½«ÈõµãÆÀ¹À¡¢ÊÂÇ鸺ÔؼӹÌÓëÒµ½çÁìÏȵÄÐÂÒ»´ú·À²¡¶¾£¨NGAV£©¡¢ÊÂÇ鸺ÔØÐÐΪ¼à²âÒÔ¼°¶Ëµã¼ì²âºÍÏìÓ¦£¨EDR£©¹¦Ð§ÏàÁ¬Ïµ£¬£¬£¬£¬£¬£¬ÎªÔËÐÐÔÚÕâЩÇéÐÎÖеÄÊÂÇ鸺ÔØÌṩ±£»£»£»£»£»¤¡£¡£¡£¡£

2021Äê04ÔÂ01ÈÕ£¬£¬£¬£¬£¬£¬VMware¹Ù·½Ðû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬¹ûÕæÁËVMware Carbon Black Cloud WorkloadÖеÄÒ»¸öÉí·ÝÑéÖ¤ÈƹýÎó²î£¨CVE-2021-21982£©£¬£¬£¬£¬£¬£¬¸ÃÎó²îµÄCVSSv3»ù±¾µÃ·ÖΪ9.1¡£¡£¡£¡£

¹¥»÷ÕßÄܹ»Í¨¹ýʹÓôËÎó²î»ñÈ¡VMware Carbon Black Cloud Workload×°±¸µÄÖÎÀí½çÃæ»á¼ûȨÏÞ£¨ºÃ±Èͨ¹ýʹÓÃÖÎÀí½çÃæURL)£¬£¬£¬£¬£¬£¬ÒÔ»ñÈ¡ÓÐÓõÄÉí·ÝÑéÖ¤ÁîÅÆ£¬£¬£¬£¬£¬£¬´Ó¶ø»ñµÃ¶Ô×°±¸ÖÎÀíAPIµÄ»á¼ûȨÏÞ¡£¡£¡£¡£ÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷Õß×îÖÕ¿ÉÒÔÉó²éºÍ¸ü¸ÄÖÎÀíÉèÖÃÉèÖ㬣¬£¬£¬£¬£¬ÇÒ¸ÃÎó²îÎÞÐèÉí·ÝÑéÖ¤»òÓû§½»»¥¼´¿ÉʹÓᣡ£¡£¡£

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚ¸ÃÎó²îÒѾ­ÐÞ¸´£¬£¬£¬£¬£¬£¬½¨ÒéʵʱÉý¼¶ÖÁVMware Carbon Black Cloud Workload appliance 1.0.2°æ±¾¡£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://docs.vmware.com/en/VMware-Carbon-Black-Cloud-Workload/1.0/rn/cbc-workload-102-release-notes.html

 


0x03 ²Î¿¼Á´½Ó

https://www.vmware.com/security/advisories/VMSA-2021-0005.html

https://www.bleepingcomputer.com/news/security/vmware-fixes-authentication-bypass-in-data-center-security-software/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21982

 


0x04 ʱ¼äÏß

2021-04-01  VMwareÐû²¼Ç徲ͨ¸æ

2021-04-02  VSRCÐû²¼Ç徲ͨ¸æ

 


0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png