Elevation of Privilege Vulnerability in Microsoft System Center Virtual Machine Manager
CVE-2015-0012

Currently unrated

Key Information:

Vendor: Microsoft
Status: Virtual Machine Manager
Vendor: CVE Published:; 11 February 2015

What is CVE-2015-0012?

The vulnerability in Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 stems from inadequate role validation for users. This flaw permits local users to gain unauthorized administrative privileges for both the server and virtual machines by initiating a session with Active Directory credentials. Attackers exploiting this vulnerability could manipulate the server environment and compromise the integrity of virtualized assets.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/100428

vdb-entryx_refsource_XF

http://www.securitytracker.com/id/1031726

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2015
Vulnerability Reserved
Nov 18, 2014