Vulnerability Details : CVE-2014-8373
The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function.
Products affected by CVE-2014-8373
- cpe:2.3:a:vmware:vcloud_automation_center:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcloud_automation_center:6.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcloud_automation_center:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcloud_automation_center:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcloud_automation_center:6.0.1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8373
0.42%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8373
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
CWE ids for CVE-2014-8373
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8373
-
http://seclists.org/fulldisclosure/2014/Dec/33
Full Disclosure: NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability
-
http://packetstormsecurity.com/files/129455/VMware-Security-Advisory-2014-0013.html
VMware Security Advisory 2014-0013 ≈ Packet Storm
-
http://www.securitytracker.com/id/1031323
VMware vCloud Automation Center Lets Remote Authenticated Users Gain Administrative Privileges - SecurityTracker
-
http://www.vmware.com/security/advisories/VMSA-2014-0013.html
VMSA-2014-0013Vendor Advisory
-
http://www.securityfocus.com/archive/1/534186/100/0/threaded
SecurityFocus
Jump to