Main Vulnerability Database Vulnerabilities #VU14158

#VU14158 Privilege escalation in Red Hat Virtualization Host and Red Hat Virtualization - CVE-2018-10875

Published: August 1, 2018

Vulnerability identifier: #VU14158

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear

CVE-ID: CVE-2018-10875

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Red Hat Virtualization Host
Red Hat Virtualization

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to the system loads inventory variables from the current working directory when running an ad-hoc command. A local attacker can modify the variables and execute arbitrary code from those paths with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://access.redhat.com/errata/RHSA-2018:2321

#VU14158 Privilege escalation in Red Hat Virtualization Host and Red Hat Virtualization - CVE-2018-10875

Description

Remediation

External links

Please verify you're human