Vulnerability Name:

CVE-2010-2667 (CCN-60350)

Assigned:2010-07-13
Published:2010-07-13
Updated:2018-10-10
Summary:Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance.
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.0 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-2667

Source: MLIST
Type: Patch
[security-announce] 20100712 VMSA-2010-0011 VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0

Source: CCN
Type: SA40507
VMware Studio Privilege Escalation and Command Execution

Source: SECUNIA
Type: Vendor Advisory
40507

Source: CCN
Type: SECTRACK ID: 1024187
VMware Studio Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1024187

Source: CCN
Type: OSVDB ID: 66434
VMware Studio Privilege VAMI Unspecified Arbitrary Command Execution

Source: BUGTRAQ
Type: UNKNOWN
20100713 VMSA-2010-0011 VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.

Source: BID
Type: UNKNOWN
41566

Source: CCN
Type: BID-41566
VMware Studio Remote Arbitrary Command Execution Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2010-1791

Source: CCN
Type: VMSA-2010-0011
VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.wmware.com/security/advisories/VMSA-2010-0011.html

Source: XF
Type: UNKNOWN
studio-vami-command-execution(60350)

Source: XF
Type: UNKNOWN
studio-vami-command-execution(60350)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:studio:2.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vmware:studio:2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    vmware studio 2.0
    vmware studio 2.0