Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-12191

A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.

Published

2018-02-28T13:29:00.210

Last Modified

2024-11-21T03:09:01.327

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.4 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-284
Type: Secondary
CWE-613

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	cloudforms	4.5	Yes

References

https://access.redhat.com/errata/RHSA-2018:0374 Patch, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1500517 Issue Tracking, Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:0374 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1500517 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)