Vulnerability CVE-2021-41617

Vulnerability Name:

CVE-2021-41617 (CCN-210062)

Assigned:

2021-09-26

Published:

2021-09-26

Updated:

2023-02-14

Summary:

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

CVSS v3 Severity:

7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.0 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-273

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2021-41617

Source: cve@mitre.org
Type: Issue Tracking, Patch, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
openssh-cve202141617-priv-esc(210062)

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6522092 (i)
OpenSSH for IBM i is affected by CVE-2021-41617

Source: CCN
Type: IBM Security Bulletin 6524682 (Spectrum Protect Plus)
Vulnerabilities in Redis, OpenSSH, Golang Go, and Apache Kafka may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift

Source: CCN
Type: IBM Security Bulletin 6538690 (AIX)
Vulnerability in OpenSSH affects AIX (CVE-2021-41617)

Source: CCN
Type: IBM Security Bulletin 6556994 (Integrated Analytics System)
Vulnerability in OpenSSH affects IBM Integrated Analytics System

Source: CCN
Type: IBM Security Bulletin 6562471 (Spectrum Copy Data Management)
Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6562843 (Spectrum Protect Plus)
Vulnerabilities in Polkit, Node.js, OpenSSH, and Golang Go affect IBM Spectrum Protect Plus (CVE-2021-4034, CVE-2022-21681, CVE-2022-21680, CVE-2022-0235, CVE-2021-41617, CVE-2021-44716, CVE-2021-44717, 218243)

Source: CCN
Type: IBM Security Bulletin 6568365 (QRadar Network Packet Capture)
IBM QRadar Network Packet Capture is using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6597283 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities (CVE-2019-10086, CVE-2021-41617)

Source: CCN
Type: IBM Security Bulletin 6597539 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to privilege escalation due to CVE-2021-41617

Source: CCN
Type: IBM Security Bulletin 6601937 (QRadar Network Security)
IBM QRadar Network Security is affected by Vulnerability in OpenSSH. (CVE-2021-41617)

Source: CCN
Type: IBM Security Bulletin 6850775 (Cloud Pak for Security)
OpenSSH as used by IBM Cloud Pak for Security is vulnerable to privilege escalation (CVE-2021-41617)

Source: CCN
Type: OpenSSH Web site
OpenSSH

Source: cve@mitre.org
Type: Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Release Notes, Vendor Advisory
cve@mitre.org

Source: CCN
Type: oss-sec Mailing List, Sun, 26 Sep 2021 08:52:50 -0600 (MDT)
Announce: OpenSSH 8.8 released

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-41617

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openbsd:openssh:6.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:6.3:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:6.4:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:6.5:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:6.8:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:6.9:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:6.9:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.0:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.2:p2:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.3:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.4:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.5:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.8:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.9:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:8.0:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:7.7:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:8.3:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:8.3:p1:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:8.4:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:8.7:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:8.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:8.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:8.5:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:8.6:-:*:*:*:*:*:*

AND

cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_network_packet_capture:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_copy_data_management:2.2.14.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.9.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8072	P	xorg-x11-server-sdk-21.1.4-150500.5.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7726	P	openssh-8.4p1-150300.3.18.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51992	P	Security update for vim (Moderate)	2023-01-30
oval:org.opensuse.security:def:3729	P	openslp-2.0.0-18.20.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3132	P	libX11-6-1.6.2-12.5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94762	P	openssh-8.4p1-3.9.1 on GA media (Moderate)	2022-06-22
oval:com.redhat.rhsa:def:20222013	P	RHSA-2022:2013: openssh security, bug fix, and enhancement update (Moderate)	2022-05-10
oval:org.opensuse.security:def:119032	P	Security update for openssh (Important)	2022-03-10
oval:org.opensuse.security:def:119705	P	Security update for openssh (Important)	2022-03-10
oval:org.opensuse.security:def:119143	P	Security update for openssh (Important)	2022-03-10
oval:org.opensuse.security:def:119337	P	Security update for openssh (Important)	2022-03-10
oval:org.opensuse.security:def:42211	P	Security update for openssh (Important)	2022-03-10
oval:org.opensuse.security:def:118842	P	Security update for openssh (Important)	2022-03-10
oval:org.opensuse.security:def:119520	P	Security update for openssh (Important)	2022-03-10
oval:org.opensuse.security:def:100083	P	(Moderate)	2022-02-21
oval:org.opensuse.security:def:37521	P	Security update for openssh-openssl1 (Important)	2021-12-23
oval:org.opensuse.security:def:42806	P	Security update for openssh-openssl1 (Important)	2021-12-23
oval:org.opensuse.security:def:67348	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:99441	P	(Important)	2021-12-06
oval:org.opensuse.security:def:30280	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:58058	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:98984	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:106749	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:51709	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:86181	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:93591	P	(Important)	2021-12-06
oval:org.opensuse.security:def:92822	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:1649	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:69963	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:100692	P	(Important)	2021-12-06
oval:org.opensuse.security:def:33059	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:99772	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:56103	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:94416	P	(Important)	2021-12-06
oval:org.opensuse.security:def:106064	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:76416	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:84249	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:93117	P	(Important)	2021-12-06
oval:org.opensuse.security:def:92229	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:69161	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:99704	P	(Important)	2021-12-06
oval:org.opensuse.security:def:31319	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:58882	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:99179	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:86699	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:93779	P	(Important)	2021-12-06
oval:org.opensuse.security:def:111825	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:10374	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:82665	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:101559	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:64818	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:29458	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:57142	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:106263	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:84707	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:93278	P	(Important)	2021-12-06
oval:org.opensuse.security:def:9624	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:92424	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:828	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:4236	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:100028	P	(Important)	2021-12-06
oval:org.opensuse.security:def:31717	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:99374	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:55281	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:87523	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:93994	P	(Important)	2021-12-06
oval:org.opensuse.security:def:105674	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:73940	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:83367	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:8873	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:70514	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:101740	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:65325	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:99170	P	(Important)	2021-12-06
oval:org.opensuse.security:def:30160	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:57540	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:106462	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:85783	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:93435	P	(Important)	2021-12-06
oval:org.opensuse.security:def:9823	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:92623	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:1049	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:6259	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:69764	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:100363	P	(Important)	2021-12-06
oval:org.opensuse.security:def:32235	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:99573	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:23721	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:55983	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:94205	P	(Important)	2021-12-06
oval:org.opensuse.security:def:105869	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:74393	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:83487	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:42246	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:9068	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:92034	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:102225	P	Security update for openssh (Important)	2021-12-06
oval:org.opensuse.security:def:10181	P	Security update for openssh (Important)	2021-12-03
oval:org.opensuse.security:def:9427	P	Security update for openssh (Important)	2021-12-03
oval:org.opensuse.security:def:8680	P	Security update for openssh (Important)	2021-12-03
oval:org.opensuse.security:def:70321	P	Security update for openssh (Important)	2021-12-03
oval:org.opensuse.security:def:69567	P	Security update for openssh (Important)	2021-12-03
oval:org.opensuse.security:def:34606	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:127201	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:60429	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:24004	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:88545	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:33750	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:125637	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:89228	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:59573	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:34008	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:126804	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:89486	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:59831	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:88228	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:41636	P	Security update for openssh (Important)	2021-12-01
oval:org.opensuse.security:def:46066	P	Security update for openssh (Important)	2021-12-01
oval:com.redhat.rhsa:def:20214782	P	RHSA-2021:4782: openssh security update (Moderate)	2021-11-23

BACK