Vulnerability Description
Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Virtual Machine Manager | 2012 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/72473Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1031726Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1034652Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-01PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100428VDB Entry
- http://www.securityfocus.com/bid/72473Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1031726Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1034652Third Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-01PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100428VDB Entry
FAQ
What is CVE-2015-0012?
CVE-2015-0012 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrativ...
How severe is CVE-2015-0012?
CVE-2015-0012 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0012?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Virtual Machine Manager.