/

CVE-2021-3560 Report - Details, Severity, Advisories and More

CVE-2021-3560 Report - Details, Severity, Advisories and More

Twingate Team

Jan 4, 2024

CVE-2021-3560 is a high-severity vulnerability affecting the polkit component, a system service installed by default on many Linux distributions. This local privilege escalation vulnerability allows an unprivileged local user to gain root privileges on affected systems, posing a significant threat to data confidentiality, integrity, and system availability. The vulnerability has been assigned a CVSS 3.x score of 7.8 and a CVSS 2.0 score of 7.2, indicating its high impact.

How do I know if I'm affected?

If you're wondering whether your system is affected by the vulnerability, you should first check if your Linux distribution uses polkit. If it does, see if it's running a vulnerable version (0.113 or later). This vulnerability allows an unprivileged local user to gain root privileges on your system, posing a risk to data confidentiality, integrity, and system availability.

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your system to a fixed version. To do this, follow these simple steps: 1) Check your Linux distribution for updates, 2) Install the latest security patches, and 3) Restart your system if required. By keeping your system up-to-date, you'll protect your data and maintain system integrity.

Where can I go to learn more?

For more information on the CVE-2021-3560 vulnerability, you can refer to the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Red Hat Polkit Incorrect Authorization Vulnerability, was added on May 12, 2023, with a due date of June 2, 2023. This issue has been addressed in various products, and users are advised to update their systems to protect against potential threats.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-754 and CWE-863. This issue allows local privilege escalation due to improper checks for unusual conditions and incorrect authorization. This can lead to unauthorized access and control over affected systems.

For more details

CVE-2021-3560 is a high-severity vulnerability in polkit, allowing unprivileged local attackers to escalate their privileges. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2021-3560 Report - Details, Severity, Advisories and More

CVE-2021-3560 Report - Details, Severity, Advisories and More

Twingate Team

Jan 4, 2024

CVE-2021-3560 is a high-severity vulnerability affecting the polkit component, a system service installed by default on many Linux distributions. This local privilege escalation vulnerability allows an unprivileged local user to gain root privileges on affected systems, posing a significant threat to data confidentiality, integrity, and system availability. The vulnerability has been assigned a CVSS 3.x score of 7.8 and a CVSS 2.0 score of 7.2, indicating its high impact.

How do I know if I'm affected?

If you're wondering whether your system is affected by the vulnerability, you should first check if your Linux distribution uses polkit. If it does, see if it's running a vulnerable version (0.113 or later). This vulnerability allows an unprivileged local user to gain root privileges on your system, posing a risk to data confidentiality, integrity, and system availability.

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your system to a fixed version. To do this, follow these simple steps: 1) Check your Linux distribution for updates, 2) Install the latest security patches, and 3) Restart your system if required. By keeping your system up-to-date, you'll protect your data and maintain system integrity.

Where can I go to learn more?

For more information on the CVE-2021-3560 vulnerability, you can refer to the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Red Hat Polkit Incorrect Authorization Vulnerability, was added on May 12, 2023, with a due date of June 2, 2023. This issue has been addressed in various products, and users are advised to update their systems to protect against potential threats.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-754 and CWE-863. This issue allows local privilege escalation due to improper checks for unusual conditions and incorrect authorization. This can lead to unauthorized access and control over affected systems.

For more details

CVE-2021-3560 is a high-severity vulnerability in polkit, allowing unprivileged local attackers to escalate their privileges. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2021-3560 Report - Details, Severity, Advisories and More

Twingate Team

Jan 4, 2024

CVE-2021-3560 is a high-severity vulnerability affecting the polkit component, a system service installed by default on many Linux distributions. This local privilege escalation vulnerability allows an unprivileged local user to gain root privileges on affected systems, posing a significant threat to data confidentiality, integrity, and system availability. The vulnerability has been assigned a CVSS 3.x score of 7.8 and a CVSS 2.0 score of 7.2, indicating its high impact.

How do I know if I'm affected?

If you're wondering whether your system is affected by the vulnerability, you should first check if your Linux distribution uses polkit. If it does, see if it's running a vulnerable version (0.113 or later). This vulnerability allows an unprivileged local user to gain root privileges on your system, posing a risk to data confidentiality, integrity, and system availability.

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your system to a fixed version. To do this, follow these simple steps: 1) Check your Linux distribution for updates, 2) Install the latest security patches, and 3) Restart your system if required. By keeping your system up-to-date, you'll protect your data and maintain system integrity.

Where can I go to learn more?

For more information on the CVE-2021-3560 vulnerability, you can refer to the following resources:

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Red Hat Polkit Incorrect Authorization Vulnerability, was added on May 12, 2023, with a due date of June 2, 2023. This issue has been addressed in various products, and users are advised to update their systems to protect against potential threats.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-754 and CWE-863. This issue allows local privilege escalation due to improper checks for unusual conditions and incorrect authorization. This can lead to unauthorized access and control over affected systems.

For more details

CVE-2021-3560 is a high-severity vulnerability in polkit, allowing unprivileged local attackers to escalate their privileges. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page.