Lucene search

CVE-2021-4034

🗓️ 28 Jan 2022 20:12:15Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 35 Media mentions👁 1824 Views

CVE-2021-4034: Local privilege escalation vulnerability in pkexec utilit

Reporter	Title	Published	Views	Family All 200
Tenable Nessus	EulerOS 2.0 SP10 : polkit (EulerOS-SA-2022-1493)	20 Apr 202200:00	–	nessus
Tenable Nessus	Photon OS 4.0: Polkit PHSA-2022-4.0-0147	23 Jul 202400:00	–	nessus
Tenable Nessus	RHEL 7 : polkit (RHSA-2022:0272)	26 Jan 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : polkit (EulerOS-SA-2022-1420)	18 Apr 202200:00	–	nessus
Tenable Nessus	RHEL 7 : polkit (RHSA-2022:0274)	26 Jan 202200:00	–	nessus
Tenable Nessus	RHEL 8 : polkit (RHSA-2022:0266)	26 Jan 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : polkit (EulerOS-SA-2022-1512)	20 Apr 202200:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : polkit (openSUSE-SU-2022:0190-1)	26 Jan 202200:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.2.0 : polkit (EulerOS-SA-2022-1698)	7 May 202200:00	–	nessus
Tenable Nessus	Oracle Linux 7 : polkit (ELSA-2022-0274)	26 Jan 202200:00	–	nessus

Nvd

Node

polkit_project polkitRange<121

Node

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch7.6

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch7.7

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_eusMatch8.2

redhat enterprise_linux_for_ibm_z_systemsMatch7.0

redhat enterprise_linux_for_ibm_z_systemsMatch8.0

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.2

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.4

redhat enterprise_linux_for_power_big_endianMatch7.0

redhat enterprise_linux_for_power_little_endianMatch7.0

redhat enterprise_linux_for_power_little_endianMatch8.0

redhat enterprise_linux_for_power_little_endian_eusMatch8.1

redhat enterprise_linux_for_power_little_endian_eusMatch8.2

redhat enterprise_linux_for_power_little_endian_eusMatch8.4

redhat enterprise_linux_for_scientific_computingMatch7.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.3

redhat enterprise_linux_server_ausMatch7.4

redhat enterprise_linux_server_ausMatch7.6

redhat enterprise_linux_server_ausMatch7.7

redhat enterprise_linux_server_ausMatch8.2

redhat enterprise_linux_server_ausMatch8.4

redhat enterprise_linux_server_eusMatch8.4

redhat enterprise_linux_server_tusMatch7.6

redhat enterprise_linux_server_tusMatch7.7

redhat enterprise_linux_server_tusMatch8.2

redhat enterprise_linux_server_tusMatch8.4

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch8.1

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch8.2

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch8.4

redhat enterprise_linux_workstationMatch7.0

Node

canonical ubuntu_linuxMatch14.04esm

canonical ubuntu_linuxMatch16.04esm

canonical ubuntu_linuxMatch18.04lts

canonical ubuntu_linuxMatch20.04lts

canonical ubuntu_linuxMatch21.10

Node

suse enterprise_storageMatch7.0

suse linux_enterprise_high_performance_computingMatch15.0sp2-

suse manager_proxyMatch4.1

suse manager_serverMatch4.1

suse linux_enterprise_desktopMatch15sp2

suse linux_enterprise_serverMatch15sp2-

suse linux_enterprise_serverMatch15sp2sap

suse linux_enterprise_workstation_extensionMatch12sp5

Node

oracle http_serverMatch12.2.1.3.0

oracle http_serverMatch12.2.1.4.0

oracle zfs_storage_appliance_kitMatch8.8

Node

siemens sinumerik_edgeRange<3.3.0

Node

siemens scalance_lpe9403_firmwareRange<2.0

AND

siemens scalance_lpe9403Match-

Node

starwindsoftware command_centerMatch1.0update3_build5871

starwindsoftware starwind_virtual_sanMatchv8build14338

[
  {
    "vendor": "n/a",
    "product": "polkit",
    "versions": [
      {
        "version": "all",
        "status": "affected"
      }
    ]
  }
]

Source	Link
secpod	www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
suse	www.suse.com/support/kb/doc/
packetstormsecurity	www.packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
oracle	www.oracle.com/security-alerts/cpuapr2022.html
qualys	www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
starwindsoftware	www.starwindsoftware.com/security/sw-20220818-0001/
gitlab	www.gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
access	www.access.redhat.com/security/vulnerabilities/RHSB-2022-001
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Jan 2022 20:15Current

8.5High risk

Vulners AI Score8.5

CVSS27.2

CVSS37.8

EPSS0.00135

cve 2021 4034 polkit pkexec vulnerability local privilege escalation nvd security environment variables