Remote Command Execution Vulnerability in Apache Ambari Agent
CVE-2016-6807

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Apache Ambari
Vendor: CVE Published:; 28 March 2017

Summary

The Apache Ambari Agent prior to version 2.4.2 allows for the execution of custom commands on affected hosts without proper authorization. This vulnerability can lead to unauthorized access to critical operations performed by the Ambari Agent process, which can affect the integrity and security of the underlying system. The issue arises when the Ambari Agent process is executed with insufficient validation of command authentication, enabling potential attackers to exploit this weakness.

Affected Version(s)

Apache Ambari 2.4.x before 2.4.2

References

http://www.securityfocus.com/bid/97184

vdb-entryx_refsource_BID

https://cwiki.apache.org/confluence/display/AMBARI/Ambari...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2017
Vulnerability Reserved
Aug 12, 2016