CVE-2016-0930

Published Sep 18, 2016

Last updated 8 years ago

Overview

Description: Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist.
Source: security_alert@emc.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-362

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1429BBBA-0270-406A-B571-3BC5CA158045",
            "versionEndIncluding": "1.6.18"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02086554-3723-4998-B6BF-A4FD0983AAF9"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A0C82B7-EFA0-4F83-A0A9-A96C1FFC07DD"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A2E8A15-1A18-4102-9134-F68DA316298B"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "506190AE-83BF-4C2E-B3C0-5FA9475E0C10"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB867F94-3DB9-4DBC-8191-692F6BE17399"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0A9D60D-F5E0-4BE9-9435-4A5B56470BF0"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "403A40E0-1494-47DD-B456-23216F6731B5"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3B7C042-B1B8-45AE-BD9B-77DAD48971A8"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "226C2835-33A6-4F17-811A-D7A207CE6FF1"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:operations_manager:1.7.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B1E1C8C-6F16-4E3D-83B0-48CFF0F5CE2E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References