CVE-2022-29527
https://notcve.org/view.php?id=CVE-2022-29527
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
References:
https://bugzilla.suse.com/show_bug.cgi?id=1196556
https://github.com/aws/amazon-ssm-agent/commit/0fe8ae99b2ff25649c7b86d3bc05fc037400aca7
https://github.com/aws/amazon-ssm-agent/releases/tag/3.1.1208.0
Weaknesses:
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2022-0070 – Log4j hot patch package privilege escalation
https://notcve.org/view.php?id=CVE-2022-0070
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.
References:
https://alas.aws.amazon.com/cve/html/CVE-2022-0070.html
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities
Weaknesses:
CWE-250: Execution with Unnecessary Privileges
CWE-269: Improper Privilege Management
CVE-2021-3100 – Log4j hot patch package privilege escalation
https://notcve.org/view.php?id=CVE-2021-3100
The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn't mimic the permissions of the JVM being patched, allowing it to escalate privileges.
References:
https://alas.aws.amazon.com/AL2/ALAS-2021-1732.html
https://alas.aws.amazon.com/ALAS-2021-1554.html
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities
Weaknesses:
CWE-250: Execution with Unnecessary Privileges
CWE-269: Improper Privilege Management
CVE-2022-25165
https://notcve.org/view.php?id=CVE-2022-25165
An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-privileged user, such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the file's content.
References:
https://github.com/RhinoSecurityLabs/CVEs
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client
Weaknesses:
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-25166
https://notcve.org/view.php?id=CVE-2022-25166
An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user's Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file.
References:
https://github.com/RhinoSecurityLabs/CVEs
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client
Weaknesses:
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor