CVE-2017-4961

EUVD-2017-14077
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
cloud_foundrybosh
260.1
cloud_foundrybosh
260.2
cloud_foundrybosh
260.3
cloud_foundrybosh
260.4
cloud_foundrybosh
260.5
cloud_foundrybosh
260.6
cloud_foundrybosh
260.7
cloud_foundrybosh
261.1
cloud_foundrybosh
261.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cloudfoundry.org/cve-2017-4961/
https://www.cloudfoundry.org/cve-2017-4961/