Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Title : vRealize Operations updates address a local privilege escalation vulnerability
Name : VMSA-2018-0031
Vendor : VMware
First vendor Publication : 2018-12-18
Last vendor Modification : 2018-12-18
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 7.2
Attack Range : Local
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 3.9
Authentication : None Required


Privilege escalation vulnerability in support scripts

vROps contains a local privilege escalation vulnerability due to improper permissions of support scripts. An admin** user of the vROps application with shell access may exploit this issue to elevate privileges to root on a machine where vROps is installed.

**The admin user (non-sudoer) should not be confused with root of the vROps machine.

VMware would like to thank Alessandro Zanni, pentester at OVH for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6978 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Original Source

Url : http://www.vmware.com/security/advisories/VMSA-2018-0031.html

CWE : Common Weakness Enumeration

100 % CWE-732 Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)

Alert History

2019-02-06 21:21:33
  • Multiple Updates
2018-12-19 00:21:33
  • Multiple Updates
2018-12-18 21:19:15
  • First insertion