KLA10454 PE vulnerabilities in MSCVMM

2015-02-1000:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

20.0%

JSON

Improper user roles validating was found in MSCVMM. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via a specially designed credentials.

Original advisories

MS bulletin

CVE-2015-0012

Related products

Microsoft-System-Center-Virtual-Machine-Manager

CVE list

CVE-2015-0012 high

KB list

3023195

3035898

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.