Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNate KettlewellPACKETSTORM:137487
HistoryJun 15, 2016 - 12:00 a.m.

Solarwinds Virtualization Manager 6.3.1 Privilege Escalation

2016-06-1500:00:00
Nate Kettlewell
packetstormsecurity.com
35

0.001 Low

EPSS

Percentile

47.1%

JSON
`Product: Solarwinds Virtualization Manager  
  
Vendor: Solarwinds  
Vulnerable Version(s): < 6.3.1  
Tested Version: 6.3.1  
  
Vendor Notification: April 25th, 2016  
Vendor Patch Availability to Customers: June 1st, 2016  
Public Disclosure: June 14th, 2016  
  
Vulnerability Type: Security Misconfiguration  
CVE Reference: CVE-2016-3643  
Risk Level: High  
CVSSv2 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H)  
Solution Status: Solution Available  
  
Discovered and Provided: Nate Kettlewell, Depth Security ( https://www.depthsecurity.com/ )  
  
-----------------------------------------------------------------------------------------------  
  
Advisory Details:  
  
Depth Security discovered a vulnerability in Solarwinds Virtualization Manager appliance.  
This attack requires a user to have an operating system shell on the vulnerable appliance.  
  
1) Misconfiguration of sudo in Solarwinds Virtualization Manager: CVE-2016-3643  
  
The vulnerability exists due to the miconfiguration of sudo in that it allows any local user to use sudo to execute commands as the superuser.  
A local attacker can obtain root privileges to the operating system regardless of privilege level.  
  
-----------------------------------------------------------------------------------------------  
  
Solution:  
  
Solarwinds has released a hotfix to remediate this vulnerability on existing installations.  
  
This flaw as well as several others have been corrected and that release has been put into manufacturing for new appliances.  
  
-----------------------------------------------------------------------------------------------  
  
Proof of Concept:  
  
The following is an example of the commands necessary for a low-privileged user to dump the contents of the "/etc/shadow" file by using sudo.  
  
sudo cat /etc/passwd  
  
-----------------------------------------------------------------------------------------------  
  
References:  
  
[1] Solarwinds Virtualization Manager- http://www.solarwinds.com/virtualization-manager - Solarwinds Virtualization Manager provides monitoring and remediation for virtualized environments.  
  
  
`

Related

cisa_kev 1
nessus 1
prion 1
cvelist 1
cve 1
exploitpack 1
attackerkb 1
zdt 1
nvd 1
exploitdb 1
qualysblog 1
cisa_kev
cisa_kev
SolarWinds Virtualization Manager Privilege Escalation Vulnerability
2021-11-03 00:00:00
nessus
nessus
SolarWinds Virtualization Manager <= 6.3.1 Privilege Escalation
2021-11-08 00:00:00
prion
prion
Sql injection
2016-06-17 15:59:00
cvelist
cvelist
CVE-2016-3643
2016-06-17 15:00:00
cve
cve
CVE-2016-3643
2016-06-17 15:59:02
exploitpack
exploitpack
SolarWinds Virtualization Manager - Local Privilege Escalation
2016-06-16 00:00:00
attackerkb
attackerkb
CVE-2016-3643
2016-06-17 00:00:00
zdt
zdt
SolarWinds Virtualization Manager - Privilege Escalation
2016-06-16 00:00:00
nvd
nvd
CVE-2016-3643
2016-06-17 15:59:02
exploitdb
exploitdb
SolarWinds Virtualization Manager - Local Privilege Escalation
2016-06-16 00:00:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

0.001 Low

EPSS

Percentile

47.1%

JSON
Related for PACKETSTORM:137487
cisa_kev1nessus1prion1cvelist1cve1exploitpack1attackerkb1zdt1nvd1exploitdb1qualysblog1