Executive Summary

Summary
Title- vRealize Operations updates address a local privilege escalation vulnerability
Informations
NameVMSA-2018-0031First vendor Publication2018-12-18
VendorVMwareLast vendor Modification2018-12-18
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score7.2Attack RangeLocal
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Privilege escalation vulnerability in support scripts

vROps contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin** user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a machine where vROps is installed.

**The admin user (non-sudoer) should not be confused with root of the vROps machine.

VMware would like to thank Alessandro Zanni, pentester at OVH for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6978 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2018-0031.html

CWE : Common Weakness Enumeration

%idName
100 %CWE-264Permissions, Privileges, and Access Controls

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-02-06 21:21:33
  • Multiple Updates
2018-12-19 00:21:33
  • Multiple Updates
2018-12-18 21:19:15
  • First insertion