CVE-2020-4008: VMSA-2020-0028

Advisory ID: VMSA-2020-0028

CVSSv3 Range: 3.6

Issue Date: 2020-12-15

Updated On: 2020-12-15 (Initial Advisory)

CVE(s): CVE-2020-4008

Synopsis: VMware Carbon Black Cloud macOS Sensor installer updates address file overwrite issue (CVE-2020-4008)

Share this page on social media

Sign up for Security Advisories

****1. Impacted Products****

VMware Carbon Black Cloud macOS Sensor

****2. Introduction****

A file overwrite issue affecting the installation of the Carbon Black Cloud Sensor for macOS, was privately reported to VMware. The issue has been addressed in the latest version of the installer.

****3. VMware Carbon Black Cloud macOS Sensor installer file overwrite issue (CVE-2020-4008)****

The installer of the macOS Sensor for VMware Carbon Black Cloud handles certain files in an insecure way. VMware has evaluated the severity of this issue to be in the Low severity range with a CVSSv3 base score of 3.6.

A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. The malicious actor would have to trick a victim to install malware in order to obtain such access. Exploitation of this issue can only occur at a specific point of time during the installation process and depends on specific conditions.

To remediate CVE-2020-4008 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

VMware would like to thank Jimi Sebree of Tenable Research for reporting this issue to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Carbon Black Cloud macOS Sensor

3.4.3

macOS

CVE-2020-4008

3.6

low

3.5.1

None

None

****4. References****

****5. Change Log****

2020-12-15: VMSA-2020-0028
Initial security advisory.

****6. Contact****