PT-2016-2287 · Solarwinds · Solarwinds Virtualization Manager

Nate Kettlewell · Published 2016-06-17 · Updated 2025-03-07 · CVE-2016-3643

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SolarWinds Virtualization Manager versions 6.3.1 and earlier

Description

The issue is related to a misconfiguration of sudo in SolarWinds Virtualization Manager, which can be exploited by a local attacker to gain elevated privileges. This can be demonstrated by executing commands such as sudo cat /etc/passwd.

Recommendations

For SolarWinds Virtualization Manager versions 6.3.1 and earlier, correct the sudo misconfiguration to prevent privilege escalation. Ensure that sudo is properly configured to restrict unauthorized access to sensitive files and commands.

Exploit

Fix


Weakness Enumeration

Related Identifiers

BDU:2016-01676
CVE-2016-3643

Affected Products

Solarwinds Virtualization Manager