CVE-2017-9450

The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
amazonamazon_web_services_cloudformation_bootstrap
𝑥
< 1.4-19.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99972
https://alas.aws.amazon.com/ALAS-2017-861.html
https://sintonen.fi/advisories/aws-cfn-bootstrap-local-code-execution-as-root.txt
http://www.securityfocus.com/bid/99972
https://alas.aws.amazon.com/ALAS-2017-861.html
https://sintonen.fi/advisories/aws-cfn-bootstrap-local-code-execution-as-root.txt