A file overwrite issue affecting the installation of the Carbon Black Cloud Sensor for macOS, was privately reported to VMware. The issue has been addressed in the latest version of the installer.
VMware has launched an advisory on this with Advisory ID: VMSA-2020-0028.
It was issued on 2020-12-15 with CVE(s): CVE-2020-4008 and CVSSv3 Range: 3.6 which is not that critical and comes under a LOW category. The main affected product is VMware Carbon Black Cloud macOS Sensor.
The main issue is, The installer of the macOS Sensor for VMware Carbon Black Cloud handles certain files in an insecure way.
Known Attack Vectors
A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. The malicious actor would have to trick a victim to install malware in order to obtain such access. Exploitation of this issue can only occur at a specific point of time during the installation process and depends on specific conditions.
Resolution
To remediate CVE-2020-4008 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| Carbon Black Cloud macOS Sensor | 3.4.3 | macOS | CVE-2020-4008 | 3.6 | Low | 3.5.1 | None | None |
Simply install the new version of the installer file and this issue can be fixed easily.
Source: VMware Advisory ID: VMSA-2020-0028
You’ll Also Like
- About Two New Critical VMware ESXi Vulnerabilities CVE-2020-4004, And CVE-2020-4005
- This Host Is Potentially Vulnerable To Issues Described In CVE-2018-3646 – Solved