Today, VMware has released the following new security advisory:
“VMSA-2018-0031 – vRealize Operations updates address a local privilege escalation vulnerability”
This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6978) in vRealize Operations (vROps). The issue exists due to improper permissions of support scripts. Admin** user of the vROps application with shell access may exploit this issue to elevate the privileges to root on a vROps machine.
**The admin user (non-sudoer) should not be confused with root of the vROps machine.
We would like to thank Alessandro Zanni, pentester at OVH for reporting this issue to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.