Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2021-41617

Disclosure Date: September 26, 2021
CVE-2021-41617 CVSS v3 Base Score: 7.0
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.0 High
Impact Score:
5.9
Exploitability Score:
1
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • fedoraproject,
  • netapp,
  • openbsd,
  • oracle,
  • starwindsoftware

Products

  • active iq unified manager -,
  • aff 500f firmware -,
  • aff a250 firmware -,
  • clustered data ontap -,
  • fedora 33,
  • fedora 34,
  • fedora 35,
  • hci management node -,
  • http server 12.2.1.2.0,
  • http server 12.2.1.3.0,
  • http server 12.2.1.4.0,
  • ontap select deploy administration utility -,
  • openssh,
  • solidfire -,
  • starwind virtual san v8r13,
  • zfs storage appliance kit 8.8
Technical Analysis