Vulnerability Monitor

CVE-2018-6978


vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions on support scripts. An admin user of the vROps application with shell access may exploit this issue to elevate privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.


Published

2018-12-18T20:29:00.213

Last Modified

2024-11-21T04:11:31.297

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

  • Type: Primary
    CWE-732

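Affected Vendors & Products

| Type        | Vendor | Product             | Version/Range    | Vulnerable? |
|-------------|--------|---------------------|------------------|-------------|
| Application | vmware | vrealize_operations | < 6.6.1.11286876 | Yes         |
| Application | vmware | vrealize_operations | < 6.7.0.11286837 | Yes         |
| Application | vmware | vrealize_operations | < 7.0.0.11287810 | Yes         |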

References