CVE-2017-12191
Last modified
CVE-2017-12191 is a vulnerability of currently unknown severity. A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). EPSS estimates a 0.89% chance of exploitation in the next 30 days.
Description
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms | 4.5 |
References
- https://access.redhat.com/errata/RHSA-2018:0374Patch, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1500517Issue Tracking, Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:0374Patch, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1500517Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-12191?
How severe is CVE-2017-12191?
How do I fix CVE-2017-12191?
Are you affected by CVE-2017-12191?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST