Vulners
Lucene search
SolarWinds Virtualization Manager - Local Privilege Escalation
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | SolarWinds Virtualization Manager - Privilege Escalation | 16 Jun 201600:00 | – | zdt |
 | CVE-2016-3643 | 17 Jun 201600:00 | – | attackerkb |
 | CVE-2016-3643 | 8 Nov 202108:58 | – | circl |
 | SolarWinds Virtualization Manager Privilege Escalation Vulnerability | 3 Nov 202100:00 | – | cisa_kev |
 | SolarWinds Virtualization Manager Privilege Gain Vulnerability | 20 Jun 201600:00 | – | cnvd |
 | CVE-2016-3643 | 17 Jun 201615:00 | – | cve |
 | CVE-2016-3643 | 17 Jun 201615:00 | – | cvelist |
 | EUVD-2016-4668 | 7 Oct 202500:30 | – | euvd |
 | SolarWinds Virtualization Manager - Local Privilege Escalation | 16 Jun 201600:00 | – | exploitpack |
 | CVE-2016-3643 | 17 Jun 201615:59 | – | nvd |
10
Product: Solarwinds Virtualization Manager
Vendor: Solarwinds
Vulnerable Version(s): < 6.3.1
Tested Version: 6.3.1
Vendor Notification: April 25th, 2016
Vendor Patch Availability to Customers: June 1st, 2016
Public Disclosure: June 14th, 2016
Vulnerability Type: Security Misconfiguration
CVE Reference: CVE-2016-3643
Risk Level: High
CVSSv2 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H)
Solution Status: Solution Available
Discovered and Provided: Nate Kettlewell, Depth Security ( https://www.depthsecurity.com/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
Depth Security discovered a vulnerability in Solarwinds Virtualization Manager appliance.
This attack requires a user to have an operating system shell on the vulnerable appliance.
1) Misconfiguration of sudo in Solarwinds Virtualization Manager: CVE-2016-3643
The vulnerability exists due to the miconfiguration of sudo in that it allows any local user to use sudo to execute commands as the superuser.
A local attacker can obtain root privileges to the operating system regardless of privilege level.
-----------------------------------------------------------------------------------------------
Solution:
Solarwinds has released a hotfix to remediate this vulnerability on existing installations.
This flaw as well as several others have been corrected and that release has been put into manufacturing for new appliances.
-----------------------------------------------------------------------------------------------
Proof of Concept:
The following is an example of the commands necessary for a low-privileged user to dump the contents of the "/etc/shadow" file by using sudo.
sudo cat /etc/passwd
-----------------------------------------------------------------------------------------------
References:
[1] Solarwinds Virtualization Manager- http://www.solarwinds.com/virtualization-manager - Solarwinds Virtualization Manager provides monitoring and remediation for virtualized environments.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Jun 2016 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 27.2
CVSS 3.17.8
EPSS0.05181
SSVC