CVE-2016-3643
published 2016-06-17

Priority: P1 · 80 · high
CVSS 3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Tags: KEV, ITW, EXPLOIT
CISA Known Exploited Vulnerability (due 2022-05-03)
Exploited in the wild
EPSS: 3.70% (88.4th percentile)

SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | virtualization_manager | <= 6.3.1 | |

Detection & IOCs (extracted from sources)

command: sudo cat /etc/passwd
  • Monitor for low-privileged users invoking 'sudo' to execute commands such as 'cat /etc/passwd' or 'cat /etc/shadow' on SolarWinds Virtualization Manager appliances, which indicates abuse of the misconfigured sudo policy.
  • Audit sudoers configuration on SolarWinds Virtualization Manager appliances for overly permissive rules that allow any local user to execute arbitrary commands as superuser.
  • This attack requires an OS-level shell on the appliance; correlate with any interactive shell sessions or SSH logins by non-administrative accounts on the Virtualization Manager appliance.
  • Exploitation is local only: an attacker must already have an OS shell on the SolarWinds Virtualization Manager appliance before leveraging the sudo misconfiguration.
  • Affected versions are SolarWinds Virtualization Manager 6.3.1 and earlier; versions after the hotfix/manufacturing release are not vulnerable.

CVSS provenance

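| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.8 | HIGH | |
| cisa | | 7.8 | HIGH | |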