Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-3621

Опубликовано: 23 дек. 2021
Источник: nvd
CVSS3: 8.8
CVSS2: 9.3
EPSS Низкий

Описание

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:fedoraproject:sssd:2.6.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

EPSS

Процентиль: 64%
0.00478
Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-77
CWE-78

Связанные уязвимости

ubuntu логотип

CVE-2021-3621

CVSS3: 8.8
ubuntu
больше 3 лет назад

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

redhat логотип

CVE-2021-3621

CVSS3: 6.7
redhat
почти 4 года назад

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

debian логотип

CVE-2021-3621

CVSS3: 8.8
debian
больше 3 лет назад

A flaw was found in SSSD, where the sssctl command was vulnerable to s ...

suse-cvrf логотип

openSUSE-SU-2021:2941-1

suse-cvrf
почти 4 года назад

Security update for sssd

suse-cvrf логотип

SUSE-SU-2022:2763-1

suse-cvrf
почти 3 года назад

Security update for sssd

EPSS

Процентиль: 64%
0.00478
Низкий

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-77
CWE-78