Privilege Escalation Vulnerability in AWS CloudFormation Bootstrap Tools

Privilege Escalation Vulnerability in AWS CloudFormation Bootstrap Tools

CVE-2017-9450 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.

Learn more about our Cis Benchmark Audit For Amazon Web Services.