// For flags

CVE-2021-3560

Red Hat Polkit Incorrect Authorization Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

23
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Se ha detectado que polkit podía ser engañado para omitir las comprobaciones de credenciales para las peticiones de D-Bus, elevando los privilegios del solicitante al usuario root. Este fallo podría ser usado por un atacante local no privilegiado para, por ejemplo, crear un nuevo administrador local. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos, así como para la disponibilidad del sistema

Polkit version Polkit 0.105-26 0.117-2 suffers from a local privilege escalation vulnerability.

Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-05-20 CVE Reserved
  • 2021-06-03 CVE Published
  • 2021-06-14 First Exploit
  • 2023-05-12 Exploited in Wild
  • 2023-06-02 KEV Due Date
  • 2023-06-12 EPSS Updated
  • 2024-08-03 CVE Updated
CWE
  • CWE-754: Improper Check for Unusual or Exceptional Conditions
  • CWE-863: Incorrect Authorization
CAPEC
References (27)
URL Tag Source
http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html Third Party Advisory
http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html Third Party Advisory
URL Date SRC
https://www.exploit-db.com/exploits/50011 2021-06-15
https://github.com/secnigma/CVE-2021-3560-Polkit-Privilege-Esclation 2022-11-16
https://github.com/RicterZ/CVE-2021-3560-Authentication-Agent 2022-05-02
https://github.com/hakivvi/CVE-2021-3560 2021-06-23
https://github.com/WinMin/CVE-2021-3560 2022-05-02
https://github.com/0dayNinja/CVE-2021-3560 2021-07-30
https://github.com/AssassinUKG/Polkit-CVE-2021-3560 2021-06-29
https://github.com/chenaotian/CVE-2021-3560 2022-05-23
https://github.com/BizarreLove/CVE-2021-3560 2021-07-29
https://github.com/cpu0x00/CVE-2021-3560 2021-08-05
https://github.com/UNICORDev/exploit-CVE-2021-3560 2022-06-26
https://github.com/NeonWhiteRabbit/CVE-2021-3560 2022-02-02
https://github.com/f4T1H21/CVE-2021-3560-Polkit-DBus 2022-02-13
https://github.com/Kyyomaa/CVE-2021-3560-EXPLOIT 2024-04-23
https://github.com/TieuLong21Prosper/CVE-2021-3560 2023-10-10
https://github.com/curtishoughton/CVE-2021-3560 2021-06-14
https://github.com/TomMalvoRiddle/CVE-2021-3560 2021-07-26
https://github.com/innxrmxst/CVE-2021-3560 2022-02-25
https://github.com/asepsaepdin/CVE-2021-3560 2023-09-05
https://github.com/LucasPDiniz/CVE-2021-3560 2024-06-30
https://github.com/pashayogi/ROOT-CVE-2021-3560 2023-08-20
https://github.com/markyu0401/CVE-2021-3560-Polkit-Privilege-Escalation 2024-02-24
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug 2024-08-03
URL Date SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1961710 2021-07-06
URL Date SRC
https://access.redhat.com/security/cve/CVE-2021-3560 2021-07-06
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
 Virtualization
Search vendor "Redhat" for product "Virtualization"
 4.0
Search vendor "Redhat" for product "Virtualization" and version "4.0"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
 Virtualization Host
Search vendor "Redhat" for product "Virtualization Host"
 4.0
Search vendor "Redhat" for product "Virtualization Host" and version "4.0"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Redhat
Search vendor "Redhat"
 Openshift Container Platform
Search vendor "Redhat" for product "Openshift Container Platform"
 4.7
Search vendor "Redhat" for product "Openshift Container Platform" and version "4.7"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Safe
Redhat
Search vendor "Redhat"
 Openshift Container Platform
Search vendor "Redhat" for product "Openshift Container Platform"
 4.7
Search vendor "Redhat" for product "Openshift Container Platform" and version "4.7"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Safe
Polkit Project
Search vendor "Polkit Project"
 Polkit
Search vendor "Polkit Project" for product "Polkit"
 < 0.119
Search vendor "Polkit Project" for product "Polkit" and version " < 0.119"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 20.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04"
-
Affected