CVE-2015-0012

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2015-0012
Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability."

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.securitytracker.com/id/1031726 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/72473 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/100428 VDB Entry
http://www.securitytracker.com/id/1034652 Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-017 Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:virtual_machine_manager:2012:r2_rollup4:*:*:*:*:*:*
Information

Published : 2015-02-10 19:00

Updated : 2018-11-20 12:29

NVD link : CVE-2015-0012

Mitre link : CVE-2015-0012

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

microsoft

  • virtual_machine_manager