7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0005 Low
EPSS
Percentile
15.6%
A local privilege escalation vulnerability was found on polkit’s pkexec
utility. The pkexec application is a setuid tool designed to allow
unprivileged users to run commands as privileged users according predefined
policies. The current version of pkexec doesn’t handle the calling
parameters count correctly and ends trying to execute environment variables
as commands. An attacker can leverage this by crafting environment
variables in such a way it’ll induce pkexec to execute arbitrary code. When
successfully executed the attack can cause a local privilege escalation
given unprivileged users administrative rights on the target machine.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | policykit-1 | < 0.105-20ubuntu0.18.04.6 | UNKNOWN |
ubuntu | 20.04 | noarch | policykit-1 | < 0.105-26ubuntu1.2 | UNKNOWN |
ubuntu | 21.10 | noarch | policykit-1 | < 0.105-31ubuntu0.1 | UNKNOWN |
ubuntu | 22.04 | noarch | policykit-1 | < 0.105-31ubuntu1 | UNKNOWN |
ubuntu | 14.04 | noarch | policykit-1 | < 0.105-4ubuntu3.14.04.6+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 16.04 | noarch | policykit-1 | < 0.105-14.1ubuntu0.5+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0005 Low
EPSS
Percentile
15.6%