Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2017-4964: BOSH Azure CPI code injection vulnerability

by: April 4, 2017

CVE-2017-4964: BOSH Azure CPI code injection vulnerability

Severity

Medium

Vendor

Cloud Foundry Foundation

Versions Affected

  • BOSH Azure CPI Release v22

Description

The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director.

Mitigation

OSS users are strongly encouraged to follow the mitigation below:

  • Update your BOSH Director to use v23 [1] or later of the Azure CPI release

Credit

Paul Nikonowicz and Sunjay Bhatia

References

History

2017-04-04: Initial vulnerability report published

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-5005-1: DjVuLibre vulnerability
Security Advisory

USN-5005-1: DjVuLibre vulnerability

by Cloud Foundry Foundation Security Team September 7, 2021
USN-4151-1: Python vulnerabilities
Security Advisory

USN-4151-1: Python vulnerabilities

by Cloud Foundry Foundation Security Team November 6, 2019
CVE-2016-2183: Birthday attacks against TLS ciphers with 64bit block size
Security Advisory

CVE-2016-2183: Birthday attacks against TLS ciphers with 64bit block size

by Cloud Foundry Foundation Security Team October 24, 2019
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept