CVE-2022-23511

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they're able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue.

Existe un problema de escalada de privilegios dentro de Amazon CloudWatch Agent para Windows, software para recopilar métricas y registros de instancias Amazon EC2 y servidores locales, en versiones hasta la v1.247354 incluida. Cuando los usuarios inician una reparación del Agente, se abre una ventana emergente con permisos de SYSTEM. Los usuarios con acceso administrativo a los hosts afectados pueden usar esto para crear un nuevo símbolo del sistema como NT AUTHORITY\SYSTEM. Para desencadenar este problema, el tercero debe poder acceder al host afectado y elevar sus privilegios de modo que pueda desencadenar el proceso de reparación del agente. También deben poder instalar las herramientas necesarias para desencadenar el problema. Este problema no afecta al agente de CloudWatch para macOS o Linux. Los usuarios del agente deben actualizar a la versión 1.247355 del agente de CloudWatch para solucionar este problema. No se recomienda ninguna solución alternativa. Los usuarios afectados deben actualizar la versión instalada del Agente de CloudWatch para solucionar este problema.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-12-12 CVE Published
2024-07-04 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-274: Improper Handling of Insufficient Privileges

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/aws/amazon-cloudwatch-agent/commit/6119858864c317ff26f41f576c169148d1250837#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52	2023-01-25
https://github.com/aws/amazon-cloudwatch-agent/security/advisories/GHSA-j8x2-2m5w-j939	2023-01-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Amazon Search vendor "Amazon"	Cloudwatch Agent Search vendor "Amazon" for product "Cloudwatch Agent"	< 1.247355 Search vendor "Amazon" for product "Cloudwatch Agent" and version " < 1.247355"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe