vRealize Operations updates address a local privilege escalation vulnerability – CVE-2018-6978 (18-12-2018)

Preface: Open a command prompt and type the following commands in sequence. Download vSphere PowerCLI from the Download page of the VMware Web site and install the vSphere PowerCLI software.

Technical background:
VMware vRealize Operations will help customers derive even more value from a “Self-Driving” approach to operations management. For instance:

  • Intent-Driven Continuous Performance Optimization
  • Efficient Capacity Management
  • Intelligent Remediation

Vulnerability:
VMware vRealize Operations (vROps) could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper permissions of support scripts. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain root privileges on a vROps machine.

Remedy: https://www.vmware.com/security/advisories/VMSA-2018-0031.html