CVE-2018-6978
Last modified
CVE-2018-6978 is a vulnerability of currently unknown severity. vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Vrealize Operations | >= 6.6.0, < 6.6.1.11286876 |
| Vmware | Vrealize Operations | >= 6.7.0, < 6.7.0.11286837 |
| Vmware | Vrealize Operations | >= 7.0.0, < 7.0.0.11287810 |
References
- http://www.securityfocus.com/bid/106242Third Party Advisory, VDB Entry
- https://www.vmware.com/security/advisories/VMSA-2018-0031.htmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/106242Third Party Advisory, VDB Entry
- https://www.vmware.com/security/advisories/VMSA-2018-0031.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-6978?
How severe is CVE-2018-6978?
How do I fix CVE-2018-6978?
Are you affected by CVE-2018-6978?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST