CVE-2022-23511 Detail
Current Description
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITYSYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they’re able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue.
Analysis Description
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITYSYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they’re able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue.
Severity
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].
Weakness Enumeration
| CWE-ID | CWE Name | Source |
|---|---|---|
| CWE-274 | Improper Handling of Insufficient Privileges | GitHub, Inc. |
Change History
2 change records found show changes
Initial Analysis by NIST 12/13/2022 3:41:18 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration |
AND
OR
*cpe:2.3:a:amazon:cloudwatch_agent:*:*:*:*:*:*:*:* versions up to (excluding) 1.247355
OR
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
|
|
| Added | CVSS V3.1 |
NIST AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
|
| Changed | Reference Type |
https://github.com/aws/amazon-cloudwatch-agent/commit/6119858864c317ff26f41f576c169148d1250837#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52 No Types Assigned |
https://github.com/aws/amazon-cloudwatch-agent/commit/6119858864c317ff26f41f576c169148d1250837#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52 Patch, Third Party Advisory |
| Changed | Reference Type |
https://github.com/aws/amazon-cloudwatch-agent/security/advisories/GHSA-j8x2-2m5w-j939 No Types Assigned |
https://github.com/aws/amazon-cloudwatch-agent/security/advisories/GHSA-j8x2-2m5w-j939 Patch, Third Party Advisory |
CVE Modified by GitHub, Inc. 12/12/2022 10:15:10 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Description | Record truncated, showing 500 of 965 characters. View Entire Change Record A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITYSYSTEM. To trigger this issue, the third party must be able to access the affecte |
Record truncated, showing 500 of 965 characters. View Entire Change Record A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITYSYSTEM. To trigger this issue, the third party must be able to access the affecte |
Quick Info
CVE Dictionary Entry:
CVE-2022-23511
NVD Published Date:
12/12/2022
NVD Last Modified:
12/13/2022
Source:
GitHub, Inc.