CVE-2023-20858
Published: 22 February 2023
Summary
CVE-2023-20858 is a high-severity injection vulnerability (CWE-74) in VMware Carbon Black App Control. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 21.4% of CVEs by predicted exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
VMware Carbon Black App Control versions 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability tracked as CVE-2023-20858 and assigned CWE-74. The flaw resides in the product's administration console and carries a CVSS 3.1 base score of 7.2. The vector reflects a network attack vector, low attack complexity and high impact on confidentiality, integrity and availability; the score stays below critical only because exploitation requires high privileges, namely an administrator of the console.
A malicious actor who already possesses privileged administrative access to the App Control console can supply specially crafted input that is not neutralised before reaching a downstream component on the server, resulting in command or code injection and ultimately granting access to the underlying server operating system and full control over the host. The practical risk is therefore escalation: a compromised or malicious console administrator account becomes full control of the server that enforces application control policy for managed endpoints.
The official VMware advisory VMSA-2023-0004 recommends upgrading affected installations to the fixed releases listed above to eliminate the injection vector. The associated EPSS score rose from a low baseline to a peak of 0.0641 on 2026-03-03 before receding to its current value of 0.0111, indicating a period in which the predicted probability of exploitation rose after public disclosure.
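As an added example (not code from VMware or from the advisory), the following Python script classifies version strings from a host inventory against the three affected ranges stated above. Branches the advisory does not name (for example 8.6.x) are reported as "not-covered" rather than as safe, since the advisory says nothing about them; malformed version strings are flagged instead of being silently treated as patched. The hostnames and versions in the sample inventory are constructed.

```python
"""Check VMware Carbon Black App Control version strings against the
affected/fixed ranges published for CVE-2023-20858 (VMSA-2023-0004).

Added example; not code from VMware or the advisory. The sample
inventory below is constructed for illustration.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Branches named in the advisory -> first fixed patch level in that branch.
# 8.7.x < 8.7.8, 8.8.x < 8.8.6 and 8.9.x < 8.9.4 are affected.
FIXED_BY_BRANCH = {
    (8, 7): 8,
    (8, 8): 6,
    (8, 9): 4,
}

# major.minor.patch with an optional trailing build number, which is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch[.build]' into (major, minor, patch).

    Raises ValueError on anything that is not a dotted numeric version so a
    malformed inventory entry is flagged rather than silently treated as safe.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def assess(version: str) -> str:
    """Classify one version against the advisory's ranges.

    Returns 'affected', 'fixed' or 'not-covered'. 'not-covered' means the
    branch is not named in VMSA-2023-0004; it does not mean the branch is
    safe, so such hosts should be checked against VMware's current guidance.
    """
    major, minor, patch = parse_version(version)
    fixed_patch = FIXED_BY_BRANCH.get((major, minor))
    if fixed_patch is None:
        return "not-covered"
    return "affected" if patch < fixed_patch else "fixed"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Bucket (hostname, version) pairs by status; keeps host order stable."""
    buckets: Dict[str, List[str]] = {
        "affected": [], "fixed": [], "not-covered": [], "unparseable": []
    }
    for host, version in inventory:
        try:
            buckets[assess(version)].append(host)
        except ValueError:
            buckets["unparseable"].append(host)
    return buckets


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("appctl-prod-01", "8.9.2.1023"),   # 8.9.x below 8.9.4 -> affected
    ("appctl-prod-02", "8.9.4"),        # first fixed 8.9 release
    ("appctl-dr-01", "8.8.5"),          # 8.8.x below 8.8.6 -> affected
    ("appctl-lab-01", "8.7.8.56"),      # fixed 8.7 release with build number
    ("appctl-lab-02", "8.6.4"),         # branch not named in the advisory
    ("appctl-legacy", "unknown"),       # bad inventory data, must be flagged
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:13s} {', '.join(hosts) or '-'}")
```

Feed `triage` the (hostname, version) pairs from your asset inventory; anything in the "affected" bucket should be scheduled for the upgrade the advisory prescribes, and anything "unparseable" or "not-covered" needs a manual look rather than being assumed patched.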
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-25037
Vulnerability details
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
- CWE(s): CWE-74, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Secure development testing: developer assessments and testing, including injection-focused techniques, identify improper neutralization of special elements, and verifiable flaw remediation corrects them before deployment.
- Attack monitoring: anomaly and attack monitoring identifies indicators of injection attacks (command, SQL, LDAP, etc.).