Main Vulnerability Database Vulnerabilities #VU14158

Privilege escalation in Red Hat Virtualization Host and Red Hat Virtualization - CVE-2018-10875

Published: August 1, 2018

Vulnerability identifier: #VU14158

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear

CVE-ID: CVE-2018-10875

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
Red Hat Virtualization Host
Red Hat Virtualization

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to the system loads inventory variables from the current working directory when running an ad-hoc command. A local attacker can modify the variables and execute arbitrary code from those paths with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-10875

Install update from vendor's website.

Sources

https://access.redhat.com/errata/RHSA-2018:2321

Privilege escalation in Red Hat Virtualization Host and Red Hat Virtualization - CVE-2018-10875

Detailed vulnerability description

How to mitigate CVE-2018-10875

Sources

Please verify you're human