
CVE-2021-3560 Report - Details, Severity, & Advisories

Twingate Team

Jan 4, 2024

CVE-2021-3560 is a high-severity vulnerability affecting the polkit component, a system service installed by default on many Linux distributions. This local privilege escalation vulnerability allows an unprivileged local user to gain root privileges on affected systems, posing a significant threat to data confidentiality, integrity, and system availability. The vulnerability has been assigned a CVSS 3.x score of 7.8 and a CVSS 2.0 score of 7.2, indicating its high impact.

How do I know if I'm affected?

To find out whether your system is affected, first check whether your Linux distribution uses polkit. If it does, check whether it is running a vulnerable version (0.113 or later). This vulnerability allows an unprivileged local user to gain root privileges on your system, posing a risk to data confidentiality, integrity, and system availability.
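The check described above can be scripted. The following is an added example, not code from the original page or from the polkit project: it reads the installed version, compares it with the 0.113 lower bound given here, and looks for the CVE ID in the package changelog. The function names are hypothetical and the Debian changelog paths are assumptions; the page gives no fixed version, so none is hard-coded.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
CVE_ID="CVE-2021-3560"

# First dotted number in text on stdin, e.g. "pkaction version 0.105" -> 0.105.
extract_version() {
    grep -Eo '[0-9]+(\.[0-9]+)*' | head -n 1
}

# Succeeds when VERSION is 0.113 or later, the range this page lists.
at_or_above_0113() {
    major=${1%%.*}
    rest=${1#*.}
    [ "$rest" = "$1" ] && rest=0    # no dot at all, e.g. "121"
    minor=${rest%%.*}
    [ "$major" -gt 0 ] && return 0
    [ "$minor" -ge 113 ]
}

# Verdict from a version ($1) and the package changelog (stdin). A changelog
# entry naming the CVE wins, because distributions backport fixes without
# changing the upstream version number.
triage() {
    if grep -q "$CVE_ID"; then
        echo "patched: package changelog references $CVE_ID"
    elif [ -z "$1" ]; then
        echo "unknown: could not read a polkit version"
    elif at_or_above_0113 "$1"; then
        echo "investigate: $1 is 0.113 or later and no fix is recorded"
    else
        echo "below-range: $1 is older than 0.113; confirm with the distro advisory"
    fi
}

# Gather the inputs on this host. Debian doc paths below are assumptions.
check_host() {
    command -v pkaction >/dev/null 2>&1 || { echo "polkit tools not found"; return 0; }
    ver=$(pkaction --version 2>/dev/null | extract_version)
    if command -v rpm >/dev/null 2>&1 && rpm -q polkit >/dev/null 2>&1; then
        rpm -q --changelog polkit | triage "$ver"
        return 0
    fi
    for f in /usr/share/doc/policykit-1/changelog.Debian.gz \
             /usr/share/doc/polkitd/changelog.Debian.gz; do
        [ -r "$f" ] && { gzip -dc "$f" | triage "$ver"; return 0; }
    done
    triage "$ver" </dev/null
}

if [ "${1:-}" = "--host" ]; then check_host; fi
```

Run the script with `--host` to evaluate the local machine; without it, only the functions are defined.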

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your system to a fixed version. To do this, follow these simple steps: 1) Check your Linux distribution for updates, 2) Install the latest security patches, and 3) Restart your system if required. Keeping your system up to date protects your data and maintains system integrity.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Red Hat Polkit Incorrect Authorization Vulnerability, was added on May 12, 2023, with a due date of June 2, 2023. This issue has been addressed in various products, and users are advised to update their systems to protect against potential threats.

Weakness enumeration

This vulnerability is classified as CWE-754 and CWE-863. It allows local privilege escalation because of improper checks for unusual conditions and incorrect authorization, which can lead to unauthorized access to and control over affected systems.

For more details

CVE-2021-3560 is a high-severity vulnerability in polkit, allowing unprivileged local attackers to escalate their privileges. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
