CVE-2017-4961

Published Jun 13, 2017

Last updated 6 years ago

CVSS high 8.8

Overview

Description: An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."
Source: security_alert@emc.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-354

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:260:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8F3F33E-AEE9-4D6B-96F8-908AECBCE525"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:260.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF5D0352-286C-4F64-9147-DEBE00F8B00D"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:260.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44842718-23C0-462F-AEA0-0A1112BBF3B6"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:260.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D81B883-92C1-40C5-A791-03243CA6A463"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:260.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D755675-393A-440C-8333-E53CEE9CCB49"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:260.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99AD3D75-6439-43CC-89CE-BA94BB8617A8"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:260.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "075C80C7-CF9E-4D0B-8A8F-009DAC9FF84D"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:260.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5126E768-3CF2-4E88-AC18-23BAD27EDDAB"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:261:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8AC8AC7-38F4-4106-8805-8F805C257A58"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:261.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F460F5ED-2FB6-49B7-9E9F-326388E713C1"
          },
          {
            "criteria": "cpe:2.3:a:cloud_foundry:bosh:261.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D858418-DCD2-4463-9330-C9A6C3E99237"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References