CVE-2017-4961

HIGH Year: 2017
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-354
View all →

Vulnerability Description

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."

Related Vulnerabilities

CVE-2020-14120

HIGH
CVSS:8.8(High)

Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can indu...

CWE-3542020

CVE-2020-25758

HIGH
CVSS:8.8(High)

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into sa...

CWE-3542020

CVE-2022-29173

HIGH
CVSS:8.8(High)

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, c...

CWE-3542022

CVE-2023-4929

HIGH
CVSS:8.8(High)

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgra...

CWE-3542023

CVE-2024-3596

CRITICAL
CVSS:9.0(Critical)

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a...

CWE-3542024

CVE-2022-29898

CRITICAL
CVSS:9.1(Critical)

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper ...

CWE-3542022