7

CVE-2021-41617

EPSS 0.37%
Published 26.09.2021 19:15:07
Last modified 21.11.2024 06:26:32
Source cve@mitre.org
Teams watchlist Login
Open Login

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Affected products Warnungen 0 Metrics 3 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Openbsd ≫ Openssh Version >= 6.2 < 8.8

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ Hci Management Node Version-

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Netapp ≫ Solidfire Version-

Netapp ≫ Aff A250 Firmware Version-

Netapp ≫ Aff A250 Version-

Netapp ≫ Aff 500f Firmware Version-

Netapp ≫ Aff 500f Version-

Oracle ≫ HTTP Server Version12.2.1.2.0

Oracle ≫ HTTP Server Version12.2.1.3.0

Oracle ≫ HTTP Server Version12.2.1.4.0

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Starwindsoftware ≫ Starwind Virtual San Versionv8r13 Update14398

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.582

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory

https://www.openssh.com/security.html

Vendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1190975

Patch

Third Party Advisory

Issue Tracking

https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/

https://security.netapp.com/advisory/ntap-20211014-0004/

Third Party Advisory

https://www.debian.org/security/2023/dsa-5586

https://www.openssh.com/txt/release-8.8

Vendor Advisory

Release Notes

https://www.openwall.com/lists/oss-security/2021/09/26/1

Third Party Advisory

Mailing List

https://www.starwindsoftware.com/security/sw-20220805-0001/

Third Party Advisory

https://www.tenable.com/plugins/nessus/154174

https://nvd.nist.gov/vuln/detail/CVE-2021-41617

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41617

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41617

EUVD