CVE-2017-2809 : An exploitable vulnerability exists in the yaml loading functionality of ansible

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.

Published 2017-09-14 19:29:00

Updated 2022-04-19 19:15:22

Source Talos

View at NVD, CVE.org

Products affected by CVE-2017-2809

Ansible-vault Project » Ansible-vault
Versions up to, including, (<=) 1.0.4
cpe:2.3:a:ansible-vault_project:ansible-vault:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-2809

EPSS FAQ

0.66%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-2809

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.5	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H	1.6	5.9	Talos
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-2809

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-2809

https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt

ansible-vault/CHANGES.txt at v1.0.5 · tomoh1r/ansible-vault · GitHub
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/issues/4

Security issue · Issue #4 · tomoh1r/ansible-vault · GitHub
Third Party Advisory
https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04

Fix security issue refs #4 · tomoh1r/ansible-vault@3f8f659 · GitHub
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305

TALOS-2017-0305 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Exploit;Third Party Advisory
http://www.securityfocus.com/bid/100824

Python Ansible Vault Package CVE-2017-2809 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-2809

Products affected by CVE-2017-2809

Exploit prediction scoring system (EPSS) score for CVE-2017-2809

CVSS scores for CVE-2017-2809

CWE ids for CVE-2017-2809

References for CVE-2017-2809