Information Exposure Vulnerability in Windows 2012R2 Stemcells on vSphere

Information Exposure Vulnerability in Windows 2012R2 Stemcells on vSphere

CVE-2018-1276 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.

Learn more about our User Device Pen Test.