Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full host control.
Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full host control. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98. | |
| Title | Incorrect Permission Assignment Allows Local Privilege Escalation to SYSTEM via Executable Overwrite | |
| References |
| |
| Metrics |
cvssV3_0
|
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2026-07-09T06:25:58.095Z
Reserved: 2026-05-20T10:00:48.931Z
Link: CVE-2026-47830
No data.
No data.
No data.
OpenCVE Enrichment
No data.