#VU95409 Permissions, Privileges, and Access Controls in Amazon Linux AMI and sudo - CVE-2024-31969
Published: August 6, 2024
Vulnerability identifier: #VU95409
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-31969
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Amazon Linux AMI
sudo
Software vendor:
Amazon Web Services
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in sudo. A local user whose sudoers entry allows them to run commands as another unprivileged user can leverage that entry to run commands as root.
Remediation
Install updates from the vendor's website.
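To prioritise patching, it helps to know which accounts meet the precondition in the description, that is, a sudoers rule whose run-as target is a non-root user. The following inventory script is an added example, not code from the advisory or the vendor; the sudoers content in `SAMPLE` is constructed, and the script only lists matching rules, it does not test whether a host is patched.

```python
import re

# Constructed sample sudoers content for illustration (not from a real host).
SAMPLE = """\
Defaults env_reset
User_Alias OPS = carol, dave
root    ALL=(ALL:ALL) ALL
alice   ALL=(www-data) NOPASSWD: /usr/bin/systemctl status nginx
bob     ALL=(postgres, \\
             backup) /usr/bin/pg_dump
OPS     ALL=(root) /usr/bin/journalctl
%dev    ALL=/usr/bin/less /var/log/app.log
erin    ALL=(ALL) /usr/bin/id
"""

SKIP = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd|Cmd)_Alias)\b")
RUNAS = re.compile(r"\(([^)]*)\)")       # each "(user_list[:group_list])"
ROOT_EQUIV = {"root", "ALL", "#0"}       # run-as targets that already mean root

def logical_lines(text):
    """Join backslash-continued lines; drop blanks, comments and include directives."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "@")):
            yield line

def non_root_runas_rules(text):
    """Return (who, runas_users) for rules whose run-as list names only non-root users."""
    findings = []
    for line in logical_lines(text):
        if SKIP.match(line) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        parts = lhs.split()
        if not parts:
            continue
        for spec in RUNAS.findall(rhs):
            # Keep the user list, ignore the optional ":group_list" part.
            users = [u.strip() for u in spec.split(":")[0].split(",") if u.strip()]
            # Runas_Alias names are not expanded here; they are reported as-is.
            if users and not any(u in ROOT_EQUIV for u in users):
                findings.append((parts[0], users))
    return findings

if __name__ == "__main__":
    for who, users in non_root_runas_rules(SAMPLE):
        print(f"{who}: may run commands as {', '.join(users)}")
```

On a real host, pass the concatenated contents of `/etc/sudoers` and the files under `/etc/sudoers.d/` to `non_root_runas_rules`; rules without a run-as specification default to root and are intentionally not listed.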