CVE-2022-46174

Published: Dec 28, 2022

Modified: Apr 11, 2025

PUBLISHED

CVSS v3.1

4.2

MEDIUM

Description

efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer’s local mount points to that customer’s EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later.

Vendor	Product	Versions
aws	efs-utils	affected `< v1.34.4`

Weaknesses (CWE)

CWE-362

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

References

https://github.com/aws/efs-utils/security/advisories/GHSA-4fv8-w65m-3932

x_refsource_CONFIRM

https://github.com/aws/efs-utils/issues/125

x_refsource_MISC

https://github.com/aws/efs-utils/commit/f3a8f88167d55caa2f78aeb72d4dc1987a9ed62d

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-46174

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References