← back
CVE-2017-12191

CVE-2017-12191

EPSS 0.9%CWE-284
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
28 Feb 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.
Affected products
Red Hat, Inc. · CloudForms

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2018:0374https://bugzilla.redhat.com/show_bug.cgi?id=1500517