Attacker Value
High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
1

CVE-2021-3560

Disclosure Date: February 16, 2022
CVE-2021-3560 CVSS v3 Base Score: 7.8
Exploited in the Wild
Reported by mkienow-r7 and 1 more...
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Add Assessment

1
Ratings
  • Attacker Value
    High
  • Exploitability
    Very High
Common in enterpriseEasy to weaponizeGives privileged accessVulnerable in default configurationAuthenticated
Technical Analysis

Polkit is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. D-Bus is a message-oriented middleware mechanism that allows communication between multiple processes running concurrently on the same machine.

A vulnerbility was found in Polkit that allows a local unprivileged attacker to obtain execution as the root user. The attacker needs to invoke method over D-bus and then kill the client process. Not always, but sometimes this will cause the operation to complete without requiring authenetication.

This allows a local unprivilged attacker to attempt to create a new user with sudo access and a known password. When successful, the attacker can then execute a payload with root privileges.

This is bad. Polkit is installed by default across many linux distributions making this a fantastic attack vector. Very important to patch!

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
polkit polkit 0.119
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • polkit project,
  • redhat

Products

  • debian linux 11.0,
  • openshift container platform 4.7,
  • polkit,
  • ubuntu linux 20.04,
  • virtualization 4.0,
  • virtualization host 4.0

Exploited in the Wild

Reported by:

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis