Lucene search

[email protected]CVE-2021-4034

HistoryJan 28, 2022 - 8:15 p.m.

CVE-2021-4034

2022-01-2820:15:00

CWE-125

CWE-787

[email protected]

web.nvd.nist.gov

1592

In Wild

cve

2021

4034

polkit

pkexec

vulnerability

local privilege escalation

nvd

security

environment variables

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

15.7%

JSON

A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it’ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

CPENameOperatorVersion
polkit_project:polkitpolkit project polkitlt121
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0
redhat:enterprise_linux_for_scientific_computingredhat enterprise linux for scientific computingeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0
redhat:enterprise_linux_for_power_little_endianredhat enterprise linux for power little endianeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq6.0
redhat:enterprise_linux_for_power_big_endianredhat enterprise linux for power big endianeq7.0
redhat:enterprise_linux_for_ibm_z_systemsredhat enterprise linux for ibm z systemseq7.0
redhat:enterprise_linux_server_ausredhat enterprise linux server auseq7.3

CPE	Name	Operator	Version
polkit_project:polkit	polkit project polkit	lt	121
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0
redhat:enterprise_linux_for_scientific_computing	redhat enterprise linux for scientific computing	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0
redhat:enterprise_linux_for_power_little_endian	redhat enterprise linux for power little endian	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	6.0
redhat:enterprise_linux_for_power_big_endian	redhat enterprise linux for power big endian	eq	7.0
redhat:enterprise_linux_for_ibm_z_systems	redhat enterprise linux for ibm z systems	eq	7.0
redhat:enterprise_linux_server_aus	redhat enterprise linux server aus	eq	7.3