Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0012

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2015-0012
Last Modified 18 Feb 2015 10:00:14
Published 10 Feb 2015 10:00:32
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0012

Summary

Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability."

Vulnerable Systems

Application

  • Microsoft Virtual Machine Manager 2012


References

MS - MS15-017

XF - ms-vmmanager-cve20150012-priv-esc(100428)

SECTRACK - 1031726

BID - 72473

Related Patches

MS15-017 Security Update for Microsoft System Center 2012 R2 - Virtual Machine Manager UR5 (KB3023195)


Last Updated: 27 May 2016 11:07:50