CVE-2022-29527
CVSS 7 · HIGH
Summary
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 7 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Amazon amazon-ssm-agent
References
- https://bugzilla.suse.com/show_bug.cgi?id=1196556
- https://github.com/aws/amazon-ssm-agent/commit/0fe8ae99b2ff25649c7b86d3bc05fc037400aca7
- https://github.com/aws/amazon-ssm-agent/releases/tag/3.1.1208.0
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.