CVE-2021-4034

Warnung

Exploit

EPSS 86.52%
Veröffentlicht 28.01.2022 20:15:12
Zuletzt bearbeitet 03.04.2025 18:53:12
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 2 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Polkit Project ≫ Polkit Version < 121

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.6

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.7

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.2

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.1

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Eus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.1

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.2

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Workstation Version7.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version21.10

Suse ≫ Enterprise Storage Version7.0

Suse ≫ Linux Enterprise High Performance Computing Version15.0 Updatesp2 SwEdition-

Suse ≫ Manager Proxy Version4.1

Suse ≫ Manager Server Version4.1

Suse ≫ Linux Enterprise Desktop Version15 Updatesp2

Suse ≫ Linux Enterprise Server Version15 Updatesp2 SwPlatform-

Suse ≫ Linux Enterprise Server Version15 Updatesp2 SwPlatformsap

Suse ≫ Linux Enterprise Workstation Extension Version12 Updatesp5

Oracle ≫ HTTP Server Version12.2.1.3.0

Oracle ≫ HTTP Server Version12.2.1.4.0

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Siemens ≫ Sinumerik Edge Version < 3.3.0

Siemens ≫ Scalance Lpe9403 Firmware Version < 2.0

Siemens ≫ Scalance Lpe9403 Version-

Starwindsoftware ≫ Command Center Version1.0 Updateupdate3_build5871

Starwindsoftware ≫ Starwind Virtual San Versionv8 Updatebuild14338

27.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Red Hat Polkit Out-of-Bounds Read and Write Vulnerability

Schwachstelle

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	86.52%	0.994

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H