==================================================================== CERT-Renater Note d'Information No. 2020/VULN690 _____________________________________________________________________ DATE : 16/12/2020 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): macOS running VMware Carbon Black Cloud macOS Sensor versions prior to 3.5.1. ===================================================================== https://www.vmware.com/security/advisories/VMSA-2020-0028.html _____________________________________________________________________ Low Advisory ID: VMSA-2020-0028 CVSSv3 Range: 3.6 Issue Date: 2020-12-15 Updated On: 2020-12-15 (Initial Advisory) CVE(s): CVE-2020-4008 Synopsis: VMware Carbon Black Cloud macOS Sensor installer updates address file overwrite issue (CVE-2020-4008) 1. Impacted Products VMware Carbon Black Cloud macOS Sensor 2. Introduction A file overwrite issue affecting the installation of the Carbon Black Cloud Sensor for macOS, was privately reported to VMware. The issue has been addressed in the latest version of the installer. 3. VMware Carbon Black Cloud macOS Sensor installer file overwrite issue (CVE-2020-4008) Description The installer of the macOS Sensor for VMware Carbon Black Cloud handles certain files in an insecure way. VMware has evaluated the severity of this issue to be in the Low severity range with a CVSSv3 base score of 3.6. Known Attack Vectors A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. The malicious actor would have to trick a victim to install malware in order to obtain such access. Exploitation of this issue can only occur at a specific point of time during the installation process and depends on specific conditions. Resolution To remediate CVE-2020-4008 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below. Workarounds None. Additional Documentation None. Notes None. Acknowledgements VMware would like to thank Jimi Sebree of Tenable Research for reporting this issue to us. Response Matrix Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation Carbon Black Cloud macOS Sensor 3.4.3 macOS CVE-2020-4008 3.6 low 3.5.1 None None 4. References Fixed Version(s) and Release Notes: https://community.carbonblack.com/t5/Carbon-Black-Cloud-macOS-Sensor/tkb-p/release_notes_macos Additional Documentation: None Mitre CVE Dictionary Links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4008 FIRST CVSSv3 Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L 5. Change Log 2020-12-15: VMSA-2020-0028 Initial security advisory. 6. Contact E-mail list for product security notifications and announcements: https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security@vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories https://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2020 VMware Inc. All rights reserved. ========================================================= + CERT-RENATER       |    tel : 01-53-94-20-44          + + 23/25 Rue Daviel   |    fax : 01-53-94-20-41         + + 75013 Paris        |    email:cert@support.renater.fr + =========================================================