Amazon Athena ODBC Driver Authentication Component Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in the Amazon Athena ODBC driver, specifically in versions prior to 2.1.0.0, within the authentication components. This vulnerability could allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that the driver processes during user-initiated authentication. The issue has been addressed in version 2.1.0.0, which is available for Windows, Linux, and macOS.
Impact
Exploitation of this vulnerability could lead to arbitrary code execution or unauthorized redirection of authentication flows, allowing attackers to manipulate authentication processes or execute malicious code under the user's context.
Remediation
Users are advised to upgrade to the Amazon Athena ODBC driver version 2.1.0.0. This version can be downloaded from the Amazon Athena ODBC 2.x driver release notes page. For Windows, the driver is available as an MSI installer. For Linux, it can be downloaded as an RPM package. macOS users can choose between an ARM or Intel package.
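To find installs that still need the upgrade, the following added example (not AWS code and not part of the advisory) triages a software inventory export against the fixed version 2.1.0.0. The CSV layout, host names, product strings and sample versions are constructed assumptions.

```python
import csv
import io
import re

FIXED = (2, 1, 0, 0)  # fixed release named in the advisory
RANK = {"fixed": 0, "unknown": 1, "vulnerable": 2}

# Constructed inventory export; hosts, product strings and versions are made up.
SAMPLE = """host,product,version
ws-014,Amazon Athena ODBC Driver,2.0.2.1
ws-014,Amazon Athena ODBC Driver,2.1.0.0
etl-02,Amazon Athena ODBC Driver,2.1.0.0
bi-07,Amazon Athena ODBC Driver,2.10.0.0
mac-33,Amazon Athena ODBC Driver,n/a
lnx-05,Amazon Athena ODBC Driver,2.0.5
db-01,PostgreSQL ODBC Driver,16.0.0
"""

def parse_version(text):
    """Parse 'a.b.c.d' (1 to 4 numeric fields) into a zero-padded 4-tuple, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text, re.ASCII):
        return None
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (4 - len(nums)))

def triage(inventory_csv, product_match="athena odbc"):
    """Map each host with a matching product to its worst status across installs."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if product_match not in row["product"].lower():
            continue
        version = parse_version(row["version"])
        if version is None:
            status = "unknown"      # unreadable version: do not assume it is fixed
        elif version < FIXED:       # numeric compare, so 2.10.0.0 is not below 2.1.0.0
            status = "vulnerable"
        else:
            status = "fixed"
        previous = results.get(row["host"], "fixed")
        results[row["host"]] = max(previous, status, key=RANK.get)
    return results

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

A host with both an old and a fixed install is reported as vulnerable, because the old driver remains usable until it is removed.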
