← back
CVE-2016-3643

CVE-2016-3643

CVSS 7.8 HIGHEPSS 3.7%● KEV
In short

SolarWinds Virtualization Manager up to version 6.3.1 has a sudo misconfiguration that allows local users to read sensitive system files and gain higher privileges on the server.

Technical detail

Local privilege escalation vulnerability in SolarWinds Virtualization Manager ≤6.3.1 caused by improper sudo configuration, enabling authenticated local users to execute privileged commands (e.g., cat /etc/passwd) without proper authorization. Requires local system access but allows unrestricted elevation of privileges and information disclosure.

Summary generated and translated by AI from the official description.
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/137487/Solarwinds-Virtualization-Manager-6.3.1-Privilege-Escalation.htmlunverifiedcve_referencewww.exploit-db.com/exploits/39967/unverifiedexploitdbwww.exploit-db.com/exploits/39967unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/137487/Solarwinds-Virtualization-Manager-6.3.1-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2016/Jun/26https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3643https://www.exploit-db.com/exploits/39967/