Vigil@nce - Microsoft System Center: privilege escalation via VMM User Role
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use Microsoft System Center VMM, in order to
escalate his privileges.
Impacted products: SCCM, SCOM
Severity: 2/4
Creation date: 10/02/2015
DESCRIPTION OF THE VULNERABILITY
The Microsoft System Center Virtual Machine Manager product
defines user roles.
However, VMM does not correctly validate these roles.
An attacker can therefore use Microsoft System Center VMM, in
order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN