PT-2016-2287 · Solarwinds · Solarwinds Virtualization Manager

Nate Kettlewell · Published 2016-06-17 · Updated 2025-03-07 · CVE-2016-3643

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SolarWinds Virtualization Manager versions 6.3.1 and earlier

Description

The issue is related to a misconfiguration of sudo in SolarWinds Virtualization Manager, which can be exploited by a local attacker to gain elevated privileges. This can be demonstrated by executing commands such as sudo cat /etc/passwd.

Recommendations

For SolarWinds Virtualization Manager versions 6.3.1 and earlier, correct the sudo misconfiguration to prevent privilege escalation. Ensure that sudo is properly configured to restrict unauthorized access to sensitive files and commands.


Weakness Enumeration

Related identifiers

BDU:2016-01676
CVE-2016-3643

Affected products

Solarwinds Virtualization Manager