Amazon Linux 2 : aws-kinesis-agent (ALAS-2025-2788)

🗓️ 10 Mar 2025 00:00:00Reported by TenableType

AWS Kinesis Agent prior to version 2.0.10-1 is vulnerable per advisory ALAS-2025-2788.

Reporter	Title	Published	Views	Family All 315
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform	26 Mar 202503:41	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023	10 Mar 202318:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)	9 Sep 202405:29	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect for Space Management Client (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)	9 Dec 202210:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (March 2025)	27 Mar 202516:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® Graph	24 Apr 202322:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in jackson-databind ( CVE-2022-42004, CVE-2022-42003)	17 May 202320:44	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty, FasterXML jackson-databind, and Zlib affect IBM Spectrum Protect for Virtual Environments (CVE-2022-34165, CVE-2022-42003, CVE-2022-42004, CVE-2018-25032)	10 Dec 202200:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities	9 Feb 202615:27	–	ibm

Source	Link
alas	www.alas.aws.amazon.com/AL2/ALAS-2025-2788.html
alas	www.alas.aws.amazon.com/cve/html/CVE-2022-42004.html
alas	www.alas.aws.amazon.com/faqs.html
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2025-2788.
##

include('compat.inc');

if (description)
{
  script_id(232358);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/30");

  script_cve_id("CVE-2022-42004");

  script_name(english:"Amazon Linux 2 : aws-kinesis-agent (ALAS-2025-2788)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of aws-kinesis-agent installed on the remote host is prior to 2.0.10-1. It is, therefore, affected by a
vulnerability as referenced in the ALAS2-2025-2788 advisory.

    In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in
    BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is
    vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2025-2788.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-42004.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update aws-kinesis-agent' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-42004");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/02/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:aws-kinesis-agent");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'aws-kinesis-agent-2.0.10-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "aws-kinesis-agent");
}

30 Oct 2025 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.5

EPSS0.00229