IM
IronMonkey Threat Research

CVE-2021-41617 HIGH

Published: 2021-09-26 | Last Modified: 2026-07-14 | Status: Modified

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Additional Descriptions (1)

sshd en OpenSSH versiones 6.2 hasta 8.x anteriores a 8.8, cuando son usadas determinadas configuraciones no predeterminadas, permite una escalada de privilegios porque los grupos complementarios no son inicializados como se espera. Los programas de ayuda para AuthorizedKeysCommand y AuthorizedPrincipalsCommand pueden ejecutarse con privilegios asociados a la pertenencia a grupos del proceso sshd, si la configuración especifica la ejecución del comando como un usuario diferente

CVSS Metrics

Base Score: 7.0 (HIGH)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL
Attack ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.0

Impact Score: 5.9

Base Score: 4.4 (MEDIUM)

AV:L/AC:M/Au:N/C:P/I:P/A:P

Access VectorLOCAL
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 3.4

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-Other

Affected Products

Vendor Product Version Update Type
openbsd openssh * <built-in method update of dict object at 0x702bcbbf42c0> Application
fedoraproject fedora 33 <built-in method update of dict object at 0x702bdd605c00> Operating System
fedoraproject fedora 34 <built-in method update of dict object at 0x702bcbbf53c0> Operating System
fedoraproject fedora 35 <built-in method update of dict object at 0x702bcbbf6640> Operating System
netapp active_iq_unified_manager - <built-in method update of dict object at 0x702bcbbf5b00> Application
netapp clustered_data_ontap - <built-in method update of dict object at 0x702bdd151680> Application
netapp hci_management_node - <built-in method update of dict object at 0x702bdd6060c0> Application
netapp ontap_select_deploy_administration_utility - <built-in method update of dict object at 0x702bdd607e80> Application
netapp solidfire - <built-in method update of dict object at 0x702bcbbf61c0> Application
netapp aff_a250_firmware - <built-in method update of dict object at 0x702bcbbf5800> Operating System
netapp aff_500f_firmware - <built-in method update of dict object at 0x702bdd604380> Operating System
oracle http_server 12.2.1.2.0 <built-in method update of dict object at 0x702bdd607fc0> Application
oracle http_server 12.2.1.3.0 <built-in method update of dict object at 0x702bcbbf55c0> Application
oracle http_server 12.2.1.4.0 <built-in method update of dict object at 0x702bdd607240> Application
oracle zfs_storage_appliance_kit 8.8 <built-in method update of dict object at 0x702bdd604180> Application
starwindsoftware starwind_virtual_san v8r13 <built-in method update of dict object at 0x702bdd604e00> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*

References

Notification
Message here