CVE-2021-28041

 

  • Severity Score (CVSS v3.1): 7.1
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: High
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-03-05 CVE Reserved
  • 2021-03-05 CVE Published
  • 2023-11-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-415: Double Free
CAPEC
Affected Vendors, Products, and Versions
Vendor         Product                                      Version       Other  Status
Netapp         Hci Compute Node Firmware                    --                   Affected
  in Netapp    Hci Compute Node                             --                   Safe
Netapp         Hci Storage Node Firmware                    --                   Affected
  in Netapp    Hci Storage Node                             --                   Safe
Openbsd        Openssh                                      >= 8.2 < 8.5  -      Affected
Fedoraproject  Fedora                                       33            -      Affected
Fedoraproject  Fedora                                       34            -      Affected
Netapp         Cloud Backup                                 --                   Affected
Netapp         Hci Management Node                          --                   Affected
Netapp         Solidfire                                    --                   Affected
Oracle         Communications Offline Mediation Controller  12.0.0.3.0    -      Affected
Oracle         Zfs Storage Appliance                        8.8           -      Affected