PT-2017-16231 · Cloud Foundry Foundation · Bosh Azure Cpi

Paul Nikonowicz

Published

2017-04-06

Updated

2021-05-27

CVE-2017-4964

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry Foundation BOSH Azure CPI version v22

Description The issue allows a maliciously crafted stemcell to potentially execute arbitrary code on VMs created by the director. This is described as a CPI code injection issue.

Recommendations For Cloud Foundry Foundation BOSH Azure CPI version v22, update to a version that includes the fix for this issue to prevent potential code injection.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2017-4964

Affected Products

Bosh Azure Cpi

PT-2017-16231 · Cloud Foundry Foundation · Bosh Azure Cpi

CVE-2017-4964

Weakness Enumeration

Related Identifiers

Affected Products

References · 3