PT-2018-11358 · Microsoft · Windows 2012R2 Stemcells

Published

2018-05-17

Updated

2018-06-20

CVE-2018-1276

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Windows 2012R2 stemcells versions prior to 1200.17

Description The issue allows a remote user with the ability to push apps to execute crafted commands, reading the IaaS metadata from the VM. This metadata may contain BOSH credentials.

Recommendations For Windows 2012R2 stemcells versions prior to 1200.17, update to version 1200.17 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-1276

Affected Products

Windows 2012R2 Stemcells

PT-2018-11358 · Microsoft · Windows 2012R2 Stemcells

CVE-2018-1276

Weakness Enumeration

Related Identifiers

Affected Products

References · 3