Vulnerability Details CVE-2017-4961
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2017-4961
-
cpe:2.3:a:cloud_foundry:bosh:260
-
cpe:2.3:a:cloud_foundry:bosh:260.1
-
cpe:2.3:a:cloud_foundry:bosh:260.2
-
cpe:2.3:a:cloud_foundry:bosh:260.3
-
cpe:2.3:a:cloud_foundry:bosh:260.4
-
cpe:2.3:a:cloud_foundry:bosh:260.5
-
cpe:2.3:a:cloud_foundry:bosh:260.6
-
cpe:2.3:a:cloud_foundry:bosh:260.7
-
cpe:2.3:a:cloud_foundry:bosh:261
-
cpe:2.3:a:cloud_foundry:bosh:261.1
-
cpe:2.3:a:cloud_foundry:bosh:261.2