F5F5:K46015513

HistoryJan 29, 2022 - 12:00 a.m.

K46015513 : Polkit pkexec vulnerability CVE-2021-4034

Vulners
F5
K46015513 : Polkit pkexec vulnerability CVE-2021-4034

2022-01-2900:00:00

my.f5.com

8.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

Security Advisory Description

A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it’ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. (CVE-2021-4034)

Impact

The vulnerability allows an attacker to gain administrative privileges.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.1.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3
big-ip afmeq11.6.4

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.1.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3
big-ip afm	eq	11.6.4

Rows per page:

1-10 of 3691

redhat 8

githubexploit 82

packetstorm 2

cisa_kev 1

cbl_mariner 1

nessus 31

osv 7

attackerkb 1

threatpost 1

ibm 8

openvas 17

rosalinux 2

trendmicroblog 1

ubuntu 2

kitploit 1

talosblog 2

zdt 3

slackware 1

checkpoint_security 1

saint 2

veracode 1

qualysblog 1

metasploit 1

prion 1

debiancve 1

freebsd 1

redos 2

fedora 2

thn 1

almalinux 1

altlinux 2

cnvd 1

rocky 1

cvelist 1

hp 1

schneier 1

debian 1

amazon 1

ubuntucve 1

oraclelinux 2

mageia 1

redhat

(RHSA-2022:0272) Important: polkit security update

2022-01-25 18:08:44

(RHSA-2022:0274) Important: polkit security update

2022-01-25 19:09:44

(RHSA-2022:0269) Important: polkit security update

2022-01-25 17:49:01

githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

2022-02-20 17:49:21

Exploit for Out-of-bounds Write in Polkit Project Polkit

2022-09-01 22:48:09

Exploit for Out-of-bounds Write in Polkit Project Polkit

2022-01-26 17:53:16

packetstorm

Polkit pkexec Local Privilege Escalation

2022-03-03 00:00:00

PolicyKit-1 0.105-31 Privilege Escalation

2022-01-27 00:00:00

cisa_kev

Red Hat Polkit Out-of-Bounds Read and Write Vulnerability

2022-06-27 00:00:00

cbl_mariner

CVE-2021-4034 affecting package polkit for versions less than 0.119-2

2022-04-09 06:51:57

nessus

Oracle Linux 7 : polkit (ELSA-2022-0274)

2022-01-26 00:00:00

EulerOS 2.0 SP9 : polkit (EulerOS-SA-2022-1419)

2022-04-18 00:00:00

OracleVM 3.4 : polkit (OVMSA-2022-0006)

2022-02-17 00:00:00

osv

Important: polkit security update

2022-01-25 17:38:41

policykit-1 - security update

2022-01-25 00:00:00

CVE-2021-4034

2022-01-28 20:15:12

attackerkb

CVE-2021-4034

2022-01-28 00:00:00

threatpost

Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’

2022-01-26 17:52:49

ibm

Security Bulletin: Vulnerability in Polkit affects IBM Integrated Analytics System.

2022-02-16 05:38:50

Security Bulletin: Polkit as used by IBM® QRadar SIEM is vulnerable to privilege escalation (CVE-2021-4034)

2022-02-18 13:39:45

Security Bulletin: App Connect Professional is affected by polkit's pkexec vulnerability

2022-02-15 04:15:53

openvas

Ubuntu: Security Advisory (USN-5252-1)

2022-01-26 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0191-1)

2022-01-26 00:00:00

openSUSE: Security Advisory for polkit (openSUSE-SU-2022:0190-1)

2022-02-08 00:00:00

rosalinux

Advisory ROSA-SA-2022-2012

2022-01-27 13:18:29

Advisory ROSA-SA-2022-2013

2022-01-31 14:03:39

trendmicroblog

Detecting PwnKit (CVE-2021-4034) Using Trend Micro™ Vision One™ and Cloud One™

2022-02-11 00:00:00

ubuntu

PolicyKit vulnerability

2022-01-25 00:00:00

PolicyKit vulnerability

2022-01-25 00:00:00

kitploit

PwnKit-Exploit - Proof Of Concept (PoC) CVE-2021-4034

2022-03-07 11:30:00

talosblog

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

2022-10-13 12:00:00

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

2022-10-13 12:00:00

zdt

PolicyKit-1 0.105-31 - Privilege Escalation Exploit

2022-01-27 00:00:00

Polkit pkexec Local Privilege Escalation Vulnerability

2022-01-26 00:00:00

Polkit pkexec Local Privilege Escalation Exploit

2022-03-03 00:00:00

slackware

[slackware-security] polkit

2022-01-26 05:02:16

checkpoint_security

Check Point's Response to CVE-2021-4034 - Local Privilege Escalation in polkit's pkexec

2022-01-29 20:41:56

saint

Polkit pkexec privilege elevation

2022-01-27 00:00:00

Polkit pkexec privilege elevation

2022-01-27 00:00:00

veracode

Privilege Escalation

2022-01-26 05:22:38

qualysblog

QSC 2022: Qualys’ Threat Research Unit (TRU) – Our Shield Is Your Shield

2022-11-11 01:28:25

metasploit

Local Privilege Escalation in polkits pkexec

2022-01-26 19:05:36

prion

Privilege escalation

2022-01-28 20:15:00

debiancve

CVE-2021-4034

2022-01-28 20:15:12

freebsd

polkit -- Local Privilege Escalation

2022-01-25 00:00:00

redos

ROS-20220128-01

2022-01-28 00:00:00

ROS-20220301-01

2022-03-01 00:00:00

fedora

[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.2

2022-01-26 23:42:37

[SECURITY] Fedora 35 Update: polkit-0.120-1.fc35.1

2022-01-26 18:41:50

thn

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

2022-10-13 12:17:00

almalinux

Important: polkit security update

2022-01-25 17:38:41

altlinux

Security fix for the ALT Linux 10 package kernel-image-std-def version 2:5.10.110-alt1

2022-04-12 00:00:00

Security fix for the ALT Linux 9 package polkit version 0.116-alt2.M90P.4

2022-02-01 00:00:00

cnvd

polkit pkexec elevation of privilege vulnerability

2022-01-27 00:00:00

rocky

polkit security update

2022-01-25 17:38:41

cvelist

CVE-2021-4034

2022-01-28 00:00:00

HP ThinPro Linux Escalation of Privilege

2022-03-03 00:00:00

schneier

Twelve-Year-Old Linux Vulnerability Discovered and Patched

2022-01-31 12:18:55

debian

[SECURITY] [DLA 2899-1] policykit-1 security update

2022-01-25 17:55:51

amazon

Important: polkit

2022-01-27 00:38:00

ubuntucve

CVE-2021-4034

2022-01-25 00:00:00

oraclelinux

polkit security update

2022-01-25 00:00:00

polkit security update

2022-01-28 00:00:00

mageia

Updated polkit packages fix security vulnerability

2022-01-26 13:30:04

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for F5:K46015513