Executive Summary
Summary | |
---|---|
Title | - vRealize Operations updates address a local privilege escalation vulnerability |
Informations | |||
---|---|---|---|
Name | VMSA-2018-0031 | First vendor Publication | 2018-12-18 |
Vendor | VMware | Last vendor Modification | 2018-12-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Privilege escalation vulnerability in support scripts vROps contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin** user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a machine where vROps is installed. **The admin user (non-sudoer) should not be confused with root of the vROps machine. VMware would like to thank Alessandro Zanni, pentester at OVH for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6978 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2018-0031.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Alert History
Date | Informations |
---|---|
2019-02-06 21:21:33 |
|
2018-12-19 00:21:33 |
|
2018-12-18 21:19:15 |
|