CVE-2017-12191 Vulnerability Details

  /     /     /  

CVE-2017-12191 Metadata Quick Info

CVE Published: 28/02/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: redhat | Vendor: Red Hat, Inc. | Product: CloudForms
Status : PUBLISHED

---

CVE-2017-12191 Description

A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: Improper Access Control (CWE-284)
Source: Red Hat, Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).