CVE-2017-4961

HIGH

Cloud Foundry Foundation BOSH Release <261.3 - Privilege Escalation

Description

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."

Scores

CVSS v3 8.8
EPSS 0.0020
EPSS Percentile 41.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-354
Status published
Products (12)
cloud_foundry/bosh 260
cloud_foundry/bosh 260.1
cloud_foundry/bosh 260.2
cloud_foundry/bosh 260.3
cloud_foundry/bosh 260.4
cloud_foundry/bosh 260.5
cloud_foundry/bosh 260.6
cloud_foundry/bosh 260.7
cloud_foundry/bosh 261
cloud_foundry/bosh 261.1
... and 2 more
Published Jun 13, 2017
Tracked Since Feb 18, 2026