CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9450 – aws-cfn-bootstrap Local Code Execution
https://notcve.org/view.php?id=CVE-2017-9450
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. Las versiones anteriores a la 1.4-19.10 del paquete de herramientas de arranque Amazon Web Services (AWS) CloudFormation, también conocido como aws-cfn-bootstrap, permiten que usuarios locales ejecuten código arbitrario con privilegios root aprovechando la habilidad para crear archivos en un directorio sin especificar. aws-cfn-bootstrap versions prior to 1.4-22.14 suffer from a local code execution vulnerability. • http://www.securityfocus.com/bid/99972 https://alas.aws.amazon.com/ALAS-2017-861.html https://sintonen.fi/advisories/aws-cfn-bootstrap-local-code-execution-as-root.txt • CWE-269: Improper Privilege Management •