CVE-2021-3621

high

Description

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

https://sssd.io/release-notes/sssd-2.6.0.html

https://bugzilla.redhat.com/show_bug.cgi?id=1975142

Details

Source: MITRE

Published: 2021-12-23

Updated: 2022-01-07

Type: CWE-77

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 156541 | EulerOS Virtualization 3.0.2.6 : sssd (EulerOS-SA-2021-2880) | Nessus | Huawei Local Security Checks | high |
| 156362 | EulerOS Virtualization 3.0.2.0 : sssd (EulerOS-SA-2021-2826) | Nessus | Huawei Local Security Checks | high |
| 155515 | EulerOS Virtualization 2.9.0 : sssd (EulerOS-SA-2021-2767) | Nessus | Huawei Local Security Checks | high |
| 155514 | EulerOS Virtualization 2.9.1 : sssd (EulerOS-SA-2021-2739) | Nessus | Huawei Local Security Checks | high |
| 155282 | EulerOS 2.0 SP5 : sssd (EulerOS-SA-2021-2675) | Nessus | Huawei Local Security Checks | high |
| 155274 | EulerOS 2.0 SP9 : sssd (EulerOS-SA-2021-2724) | Nessus | Huawei Local Security Checks | high |
| 155244 | EulerOS 2.0 SP9 : sssd (EulerOS-SA-2021-2699) | Nessus | Huawei Local Security Checks | high |
| 154804 | EulerOS 2.0 SP8 : sssd (EulerOS-SA-2021-2646) | Nessus | Huawei Local Security Checks | high |
| 153899 | Amazon Linux 2 : sssd (ALAS-2021-1715) | Nessus | Amazon Linux Local Security Checks | high |
| 153858 | Amazon Linux AMI : sssd (ALAS-2021-1542) | Nessus | Amazon Linux Local Security Checks | high |
| 153431 | Debian DLA-2758-1 : sssd - LTS security update | Nessus | Debian Local Security Checks | high |
| 153151 | CentOS 8 : sssd (CESA-2021:3151) | Nessus | CentOS Local Security Checks | high |
| 153144 | Ubuntu 18.04 LTS / 20.04 LTS / 21.04 : SSSD vulnerabilities (USN-5067-1) | Nessus | Ubuntu Local Security Checks | high |
| 153006 | openSUSE 15 Security Update : sssd (openSUSE-SU-2021:2941-1) | Nessus | SuSE Local Security Checks | critical |
| 152989 | SUSE SLED15 / SLES15 Security Update : sssd (SUSE-SU-2021:2941-1) | Nessus | SuSE Local Security Checks | critical |
| 152980 | Oracle Linux 7 : sssd (ELSA-2021-3336) | Nessus | Oracle Linux Local Security Checks | high |
| 152976 | CentOS 7 : sssd (CESA-2021:3336) | Nessus | CentOS Local Security Checks | high |
| 152948 | Scientific Linux Security Update : sssd on SL7.x i686/x86_64 (2021:3336) | Nessus | Scientific Linux Local Security Checks | high |
| 152939 | RHEL 7 : sssd (RHSA-2021:3336) | Nessus | Red Hat Local Security Checks | high |
| 152938 | RHEL 8 : sssd (RHSA-2021:3365) | Nessus | Red Hat Local Security Checks | high |
| 152915 | SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2021:2873-1) | Nessus | SuSE Local Security Checks | critical |
| 152688 | RHEL 8 : Red Hat Virtualization Host security and bug fix update [ovirt-4.4.7] (Important) (RHSA-2021:3235) | Nessus | Red Hat Local Security Checks | high |
| 152622 | Oracle Linux 8 : sssd (ELSA-2021-3151) | Nessus | Oracle Linux Local Security Checks | high |
| 152621 | RHEL 8 : sssd (RHSA-2021:3178) | Nessus | Red Hat Local Security Checks | high |
| 152593 | RHEL 8 : sssd (RHSA-2021:3151) | Nessus | Red Hat Local Security Checks | high |