Vulnerability CVE-2021-26720

Vulnerability Name:

CVE-2021-26720 (CCN-196796)

Assigned:

2021-02-15

Published:

2021-02-15

Updated:

2022-12-06

Summary:

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2021-26720

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Issue Tracking, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Issue Tracking, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
avahi-cve202126720-priv-esc(196796)

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Product, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Debian Web site
Package: avahi-daemon (0.7-4 and others)

Source: cve@mitre.org
Type: Product, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Product, Third Party Advisory
cve@mitre.org

Source: CCN
Type: oss-sec Mailing List, Mon, 15 Feb 2021 12:50:49 +0100
CVE-2021-26720: avahi-daemon: 'avahi' to 'root' user privilege escalation through Debian specific if-up script avahi-daemon-check-dns.sh

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-26720

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7444	P	avahi-0.8-150400.7.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7873	P	avahi-autoipd-0.8-150400.7.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7460	P	ceph-common-16.2.11.58+g38d6afd3b78-150400.3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:95266	P	Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) (in QA)	2022-07-12
oval:org.opensuse.security:def:3565	P	libXrender1-0.9.8-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3257	P	libspice-client-glib-2_0-8-0.33-3.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94677	P	libopenssl-devel-1.1.1l-150400.1.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94502	P	avahi-0.8-150400.5.73 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94825	P	screen-4.6.2-5.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94887	P	avahi-autoipd-0.8-150400.5.73 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2872	P	avahi-0.8-150400.5.73 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:13	P	avahi-0.7-3.6.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:6036	P	Security update for tiff (Important)	2022-05-16
oval:org.opensuse.security:def:101979	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2022-04-25
oval:org.opensuse.security:def:942	P	Security update for strongswan (Important)	2022-02-18
oval:org.opensuse.security:def:111993	P	avahi-0.8-7.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:1644	P	Security update for postgresql14 (Important)	2021-11-22
oval:org.opensuse.security:def:101538	P	Security update for samba and ldb (Important)	2021-11-10
oval:org.opensuse.security:def:105554	P	avahi-0.8-7.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:102210	P	Security update for shibboleth-sp (Low)	2021-09-28
oval:org.opensuse.security:def:97025	P	memcached-1.5.6-2.10 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:2428	P	python3-avahi-0.7-3.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63517	P	python3-avahi-0.7-3.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101390	P	python3-Twisted-19.10.0-3.2.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62031	P	avahi-0.7-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101139	P	avahi-autoipd-0.7-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72452	P	avahi-autoipd-0.7-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62733	P	avahi-autoipd-0.7-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100789	P	avahi-0.7-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71772	P	avahi-0.7-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:111564	P	Security update for avahi (Important)	2021-07-11
oval:org.opensuse.security:def:5718	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:67125	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:75875	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:8589	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:108645	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:9334	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:66807	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:69474	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:76193	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:10088	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:70228	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:111244	P	Security update for avahi (Moderate)	2021-03-02
oval:org.opensuse.security:def:40018	P	Security update for avahi (Moderate)	2021-02-24
oval:org.opensuse.security:def:44448	P	Security update for avahi (Moderate)	2021-02-24
oval:org.opensuse.security:def:95497	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:34636	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:108204	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:6315	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:65269	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:58906	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:100376	P	(Moderate)	2021-02-23
oval:org.opensuse.security:def:5949	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:95885	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:35285	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:68549	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:117570	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:97232	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:76106	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:26198	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:60459	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:73776	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:100710	P	(Moderate)	2021-02-23
oval:org.opensuse.security:def:87547	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:108876	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:117718	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:4180	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:33083	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:67038	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:108056	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:61108	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:5185	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:74337	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:109264	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:64654	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:118349	P	Security update for avahi (Moderate)	2021-02-23
oval:org.opensuse.security:def:102598	P	Security update for avahi (Moderate)	2021-02-23

BACK