Skip to main content

Bosh Windows Stemcell Builder

2 CVEs product

Monthly

CVE-2026-47831 HIGH PATCH This Week

Predictable SSH credential generation in Cloud Foundry's bosh-windows-stemcell-builder (versions prior to v2019.98) lets attackers brute-force the SSH login on TCP/22 because the GenerateRandomPassword function relies on a cryptographically weak random number generator, drastically shrinking the effective password keyspace. Any Windows stemcell built with an affected release ships with a guessable administrative password, so an attacker who can reach port 22 of a deployed VM can recover interactive access and full control. No public exploit code has been identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Information Disclosure Bosh Windows Stemcell Builder
NVD
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-47830 HIGH PATCH This Week

Local privilege escalation in BOSH-Ecosystem bosh-windows-stemcell-builder (versions prior to v2019.98) lets a low-privilege authenticated Windows user overwrite the BOSH agent executables at C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe, which then run as NT AUTHORITY\SYSTEM on the next service restart or reboot, yielding full host control. The weakness stems from overly permissive filesystem ACLs applied by BOSH.Utils.psm1 when the stemcell is built. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Information Disclosure Bosh Windows Stemcell Builder
NVD
CVSS 4.0
8.5
EPSS
0.1%
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Predictable SSH credential generation in Cloud Foundry's bosh-windows-stemcell-builder (versions prior to v2019.98) lets attackers brute-force the SSH login on TCP/22 because the GenerateRandomPassword function relies on a cryptographically weak random number generator, drastically shrinking the effective password keyspace. Any Windows stemcell built with an affected release ships with a guessable administrative password, so an attacker who can reach port 22 of a deployed VM can recover interactive access and full control. No public exploit code has been identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Information Disclosure Bosh Windows Stemcell Builder
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation in BOSH-Ecosystem bosh-windows-stemcell-builder (versions prior to v2019.98) lets a low-privilege authenticated Windows user overwrite the BOSH agent executables at C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe, which then run as NT AUTHORITY\SYSTEM on the next service restart or reboot, yielding full host control. The weakness stems from overly permissive filesystem ACLs applied by BOSH.Utils.psm1 when the stemcell is built. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Information Disclosure Bosh Windows Stemcell Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy