CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.0005 Low
Percentile: 15.6%
Added: 01/27/2022
CVE: CVE-2021-4034
Polkit is a Linux package for handling policies that allow unprivileged processes to communicate with privileged processes. It includes a tool called **pkexec** that allows the user to execute commands as another user according to the polkit policy.
A privilege elevation vulnerability in **pkexec** allows local unprivileged users to execute arbitrary commands with root privileges.
Upgrade to Polkit 0.121 or higher when available, or apply a fix from your Linux vendor.
<https://access.redhat.com/security/cve/CVE-2021-4034>
<https://gitlab.freedesktop.org/polkit/polkit/-/issues/166>
Exploit requires an existing unprivileged shell connection to the target.
Linux