Vulnerability Description
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Amazon Web Services Cloudformation Bootstrap | < 1.4-19.10 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99972 (Third Party Advisory, VDB Entry)
- https://alas.aws.amazon.com/ALAS-2017-861.html (Vendor Advisory)
- https://sintonen.fi/advisories/aws-cfn-bootstrap-local-code-execution-as-root.tx
FAQ
What is CVE-2017-9450?
CVE-2017-9450 is a vulnerability with a CVSS score of 7.8 (HIGH). The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the abilit...
How severe is CVE-2017-9450?
CVE-2017-9450 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9450?
Check the references section above for vendor advisories and patch information. Affected products include: Amazon Amazon Web Services Cloudformation Bootstrap.