Lucene search

RedhatCVE-2021-3621

HistoryDec 23, 2021 - 9:15 p.m.

CVE-2021-3621

2021-12-2321:15:08

CWE-78

CWE-77

redhat

web.nvd.nist.gov

871

sssd

shell command injection

sssctl

cve-2021-3621

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

64.9%

JSON

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Affected configurations

Nvd

Vulners

Node

fedoraprojectsssdMatch2.6.0

Node

redhatvirtualizationMatch4.0

redhatvirtualization_hostMatch4.0

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_eusMatch8.1

redhatenterprise_linux_eusMatch8.2

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_tusMatch8.4

Node

fedoraprojectfedoraMatch34

VendorProductVersionCPE
fedoraprojectsssd2.6.0cpe:2.3:a:fedoraproject:sssd:2.6.0:*:*:*:*:*:*:*
redhatvirtualization4.0cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
redhatvirtualization_host4.0cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus8.1cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
redhatenterprise_linux_eus8.2cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus8.2cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus8.4cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fedoraproject	sssd	2.6.0	cpe:2.3:a:fedoraproject:sssd:2.6.0:::::::*
redhat	virtualization	4.0	cpe:2.3:a:redhat:virtualization:4.0:::::::*
redhat	virtualization_host	4.0	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
redhat	enterprise_linux_eus	8.1	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
redhat	enterprise_linux_eus	8.2	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
redhat	enterprise_linux_server_aus	8.2	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
redhat	enterprise_linux_server_aus	8.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "sssd",
    "versions": [
      {
        "version": "sssd 2.6.0",
        "status": "affected"
      }
    ]
  }
]