What is the severity of CVE-2023-20858?

CVE-2023-20858 is classified as a high-severity vulnerability due to its potential exploitation by privileged attackers.

How do I fix CVE-2023-20858?

To fix CVE-2023-20858, you should update VMware Carbon Black App Control to the latest version, 8.7.8 or 8.8.6, or later versions.

Which versions of VMware Carbon Black App Control are affected by CVE-2023-20858?

CVE-2023-20858 affects VMware Carbon Black App Control versions prior to 8.7.8, 8.8.6, and 8.9.4.

Can CVE-2023-20858 be exploited remotely?

CVE-2023-20858 requires privileged access to the App Control administration console for exploitation, hence it cannot be exploited remotely by unauthorized users.

What type of vulnerability is CVE-2023-20858?

CVE-2023-20858 is classified as an injection vulnerability, allowing the input of specially crafted data to gain unauthorized access.

Vulnerability/
CVE-2023-20858

high

7.2

CWE

21/2/2023

17/3/2025

CVE-2023-20858

First published: Tue Feb 21 2023(Updated: )

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
All of
Any of
VMware Carbon Black	>=8.7.0<8.7.8
VMware Carbon Black	>=8.8.0<8.8.6
VMware Carbon Black	>=8.9.0<8.9.4
Microsoft Windows Operating System
VMware Carbon Black	>=8.7.0<8.7.8
VMware Carbon Black	>=8.8.0<8.8.6
VMware Carbon Black	>=8.9.0<8.9.4
Microsoft Windows Operating System

Remedy

https://www.vmware.com/security/advisories/VMSA-2023-0004.html

Never miss a vulnerability like this again

Reference Links

https://www.vmware.com/security/advisories/VMSA-2023-0004.html

Frequently Asked Questions

What is the severity of CVE-2023-20858?
CVE-2023-20858 is classified as a high-severity vulnerability due to its potential exploitation by privileged attackers.
How do I fix CVE-2023-20858?
To fix CVE-2023-20858, you should update VMware Carbon Black App Control to the latest version, 8.7.8 or 8.8.6, or later versions.
Which versions of VMware Carbon Black App Control are affected by CVE-2023-20858?
CVE-2023-20858 affects VMware Carbon Black App Control versions prior to 8.7.8, 8.8.6, and 8.9.4.
Can CVE-2023-20858 be exploited remotely?
CVE-2023-20858 requires privileged access to the App Control administration console for exploitation, hence it cannot be exploited remotely by unauthorized users.
What type of vulnerability is CVE-2023-20858?
CVE-2023-20858 is classified as an injection vulnerability, allowing the input of specially crafted data to gain unauthorized access.

agent/type
agent/references
agent/author
agent/severity
agent/weakness
agent/remedy
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/source
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/vmware
canonical/vmware carbon black
version/vmware carbon black/8.7.0
version/vmware carbon black/8.8.0
version/vmware carbon black/8.9.0
vendor/microsoft
canonical/microsoft windows operating system

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.