Vulnerability Details : CVE-2021-3560
Public exploit exists!
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Products affected by CVE-2021-3560
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*
- cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*
CVE-2021-3560 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Red Hat Polkit Incorrect Authorization Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
Notes:
https://bugzilla.redhat.com/show_bug.cgi?id=1961710; https://nvd.nist.gov/vuln/detail/CVE-2021-3560
Added on
2023-05-12
Action due date
2023-06-02
Exploit prediction scoring system (EPSS) score for CVE-2021-3560
1.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2021-3560
-
Polkit D-Bus Authentication Bypass
Disclosure Date: 2021-06-03First seen: 2021-07-08exploit/linux/local/polkit_dbus_auth_bypassA vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a method over D-Bus and kills the client process. This will oc
CVSS scores for CVE-2021-3560
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-29 |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2021-3560
-
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.Assigned by: nvd@nist.gov (Primary)
-
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.Assigned by: secalert@redhat.com (Secondary)
References for CVE-2021-3560
-
https://bugzilla.redhat.com/show_bug.cgi?id=1961710
1961710 – (CVE-2021-3560) CVE-2021-3560 polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()Issue Tracking;Patch;Vendor Advisory
-
http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
polkit Authentication Bypass ≈ Packet StormThird Party Advisory;VDB Entry
-
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug | The GitHub BlogExploit;Third Party Advisory
-
http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
Facebook Fizz Denial Of Service ≈ Packet StormThird Party Advisory;VDB Entry
Jump to