SCA: security update for github.com/aws/amazon-cloudwatch-agent (GHSA-j8x2-2m5w-j939)

medium Tenable Cloud Security Plugin ID 416260

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for
collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and
including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM
permissions. Users with administrative access to affected hosts may use this to create a new command
prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected
host and elevate their privileges such that they're able to trigger the agent repair process. They must
also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch
Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to
address this issue. There is no recommended work around. Affected users must update the installed version
of the CloudWatch Agent to address this issue. (CVE-2022-23511)

See Also

https://github.com/advisories/GHSA-j8x2-2m5w-j939

Plugin Details

Severity: Medium

ID: 416260

Version: Revision 1.7

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2022-23511

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 12/12/2022

Vulnerability Publication Date: 12/12/2022

Reference Information

CVE: CVE-2022-23511

cwe: CWE-274