Vulnerability Description
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMware Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and change settings in the VMRC, and in the virtual machines it controls, that they should not have access to.
CVSS Score
7.4 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | CloudForms | 4.5 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:0374 (Patch, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1500517 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2017-12191?
CVE-2017-12191 is a vulnerability with a CVSS score of 7.4 (HIGH). A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMware Remote Console) functions that may not be ap...
How severe is CVE-2017-12191?
CVE-2017-12191 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-12191?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat CloudForms.