漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they're able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L
Vulnerability Type
不充分特权处理不恰当
Vulnerability Title
Amazon CloudWatch Agent 安全漏洞
Vulnerability Description
Amazon CloudWatch Agent是美国亚马逊(Amazon)公司的一个在您的服务器上自主连续运行的软件包代理。 Amazon CloudWatch Agent 1.247354及之前版本存在安全漏洞,该漏洞源于存在权限升级问题,当用户触发代理修复时,将打开一个具有 SYSTEM 权限的弹出窗口。 对受影响的主机具有管理访问权限的用户可以使用它来创建一个新的命令提示符作为 NT AUTHORITYSYSTEM。
CVSS Information
N/A
Vulnerability Type
N/A