CVE-2017-12191 in CloudFormsinfo

Summary

A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

08/01/2017

Disclosure

02/28/2018

Moderation

VulDB entry created

Entries

1: VDB-113942

CPE

ready

CWE

CWE-613 (Confirmed)

CVSS

7.4

EPSS

0.00169

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-12191
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-12191
CVE Details	https://www.cvedetails.com/cve/CVE-2017-12191/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!