Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-41617

Опубликовано: 26 сент. 2021
Источник: nvd
CVSS3: 7
CVSS2: 4.4
EPSS Низкий

Описание

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 8.8 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Конфигурация 7
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*

EPSS

Процентиль: 51%
0.00281
Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2021-41617

CVSS3: 7
ubuntu
больше 4 лет назад

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

redhat логотип

CVE-2021-41617

CVSS3: 7
redhat
больше 4 лет назад

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

msrc логотип

CVE-2021-41617

CVSS3: 7
msrc
больше 4 лет назад

sshd in OpenSSH 6.2 through 8.x before 8.8 when certain non-default configurations are used allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process if the configuration specifies running the command as a different user.

debian логотип

CVE-2021-41617

CVSS3: 7
debian
больше 4 лет назад

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...

suse-cvrf логотип

openSUSE-SU-2021:3950-1

suse-cvrf
около 4 лет назад

Security update for openssh

EPSS

Процентиль: 51%
0.00281
Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

NVD-CWE-Other