Vulnerability Details : CVE-2018-6978
vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support scripts. Admin user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine. Note: the admin user (non-sudoer) should not be confused with root of the vROps machine.
Vulnerability category: Gain privilege
Products affected by CVE-2018-6978
- cpe:2.3:a:vmware:vrealize_operations:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vrealize_operations:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vrealize_operations:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-6978
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-6978
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
6.7 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | NIST | |
CWE ids for CVE-2018-6978
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-6978
- http://www.securityfocus.com/bid/106242
  VMware vRealize Operations CVE-2018-6978 Local Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- https://www.vmware.com/security/advisories/VMSA-2018-0031.html
  VMSA-2018-0031 (Patch; Vendor Advisory)