Skip to main content

Virtual Machine Manager CVE-2015-0012

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2015-02-11 secure@microsoft.com
6.9
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Local
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Feb 11, 2015 - 03:00 cve.org
MEDIUM 6.9

DescriptionCVE.org

Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability."

AnalysisAI

Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine. Rated medium severity (CVSS 6.9).

Technical ContextAI

This vulnerability is classified under CWE-264. Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability." Affected products include: Microsoft Virtual Machine Manager.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2015-0012 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy