CVE-2018-6978

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
vmwarevrealize_operations
6.6.0 ≤
𝑥
< 6.6.1.11286876
vmwarevrealize_operations
6.7.0 ≤
𝑥
< 6.7.0.11286837
vmwarevrealize_operations
7.0.0 ≤
𝑥
< 7.0.0.11287810
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106242
https://www.vmware.com/security/advisories/VMSA-2018-0031.html
http://www.securityfocus.com/bid/106242
https://www.vmware.com/security/advisories/VMSA-2018-0031.html