Cloud Foundry advisory CFOUNDRY:07A96707EBA835B7D8CFD929B13CE180, published Apr 04, 2017

CVE-2017-4964: BOSH Azure CPI code injection vulnerability | Cloud Foundry

Source: Cloud Foundry (www.cloudfoundry.org)

EPSS: 0.0004 (Low), percentile 12.8%

Severity

Medium

Vendor

Cloud Foundry Foundation

Versions Affected

  • BOSH Azure CPI Release v22

Description

The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director.

Mitigation

OSS users are strongly encouraged to follow the mitigation below:

  • Update your BOSH Director to use v23 [1] or later of the Azure CPI release

Credit

Paul Nikonowicz and Sunjay Bhatia

References

History

2017-04-04: Initial vulnerability report published
