Virtual Machine Manager
CVE-2015-0012
MEDIUM
Severity by source
AV:L/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability."
AnalysisAI
Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine. Rated medium severity (CVSS 6.9).
Technical ContextAI
This vulnerability is classified under CWE-264. Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability." Affected products include: Microsoft Virtual Machine Manager.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Virtual Machine Manager
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today