Rewterz Threat Advisory – CVE-2020-12516 – ICS: WAGO Series 750-88x and 750-352
December 16, 2020Rewterz Threat Alert – APT-C-27 Raddex Family Malicious Android APK
December 16, 2020Rewterz Threat Advisory – CVE-2020-12516 – ICS: WAGO Series 750-88x and 750-352
December 16, 2020Rewterz Threat Alert – APT-C-27 Raddex Family Malicious Android APK
December 16, 2020Severity
Low
Analysis Summary
CVE-2020-4008
A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. The malicious actor would have to trick a victim to install malware in order to obtain such access. Exploitation of this issue can only occur at a specific point of time during the installation process and depends on specific conditions.
Impact
Insecure file handling
Affected Vendors
VMware
Affected Products
VMware Carbon Black Cloud macOS Sensor
Remediation
Refer to vendor advisory for the complete list of affected products and their respective patches.
https://www.vmware.com/security/advisories/VMSA-2020-0028.html