CVE-2021-4034
critical-risk
Published 2022-01-28
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Do I need to act?
!
87.8% chance of exploitation in next 30 days
EPSS score — higher than 12% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
Affected Vendors
References (24)
Third Party Advisory
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.h...
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220818-0001/
Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020564
Third Party Advisory
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.h...
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
and 4 more references
77
/ 100
critical-risk
Severity
24/34 · High
Exploitability
27/34 · High
Exposure
26/34 · High