CVE-2017-9450

Sažetak

The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.

Reference

http://www.securityfocus.com/bid/99972
https://alas.aws.amazon.com/ALAS-2017-861.html
https://sintonen.fi/advisories/aws-cfn-bootstrap-local-code-execution-as-root.txt

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

30-10-2017 - 14:29