Executive Summary

Title- vRealize Operations updates address a local privilege escalation vulnerability
NameVMSA-2018-0031First vendor Publication2018-12-18
VendorVMwareLast vendor Modification2018-12-18
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base ScoreN/AAttack RangeN/A
Cvss Impact ScoreN/AAttack ComplexityN/A
Cvss Expoit ScoreN/AAuthenticationN/A
Calculate full CVSS 2.0 Vectors scores


Privilege escalation vulnerability in support scripts

vROps contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin** user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a machine where vROps is installed.

**The admin user (non-sudoer) should not be confused with root of the vROps machine.

VMware would like to thank Alessandro Zanni, pentester at OVH for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6978 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2018-0031.html

Alert History

If you want to see full details history, please login or register.
2018-12-19 00:21:33
  • Multiple Updates
2018-12-18 21:19:15
  • First insertion