CVE-2016-3643: SolarWinds Virtualization Manager Privilege Escalation Vulnerability
First published: Fri Jun 17 2016(Updated: )
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds Virtualization Manager | <=6.3.1 | |
| SolarWinds Virtualization Manager | ||
| <=6.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3643?
CVE-2016-3643 has a moderate severity rating due to the potential for privilege escalation.
How do I fix CVE-2016-3643?
To fix CVE-2016-3643, ensure proper configuration of the sudoers file and restrict access appropriately.
Who is affected by CVE-2016-3643?
CVE-2016-3643 affects users of SolarWinds Virtualization Manager versions 6.3.1 and earlier.
What type of vulnerability is CVE-2016-3643?
CVE-2016-3643 is a local privilege escalation vulnerability resulting from a misconfiguration of sudo.
Can CVE-2016-3643 be exploited remotely?
No, CVE-2016-3643 requires local access to the system for exploitation.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/description
- agent/title
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/author
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- vendor/solarwinds
- canonical/solarwinds virtualization manager
- version/solarwinds virtualization manager/6.3.1