CVE-2021-26677
published 2021-02-23CVE-2021-26677: A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1…
PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.30%
21.7th percentile
A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | clearpass_policy_manager | < 6.7.14 | 6.7.14 |
| arubanetworks | clearpass_policy_manager | >= 6.8.0 < 6.8.7 | 6.8.7 |
| arubanetworks | clearpass_policy_manager | >= 6.9.0 < 6.9.2 | 6.9.2 |
| linux | linux_kernel | >= 0 < 5.4.0-196.216 | 5.4.0-196.216 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
linux-raspi-5.4 vulnerabilities
osv·2024-10-10·CVSS 5.5
CVE-2021-47188 linux-raspi-5.4 vulnerabilities
linux-raspi-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Modular ISDN driver;
- MMC subsystem;
- SCSI drivers;
- F2FS file system;
- GFS2 file system;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-39494, CVE-2022-48791, CVE-2022-48863,
CVE-2024-42228, CVE-2024-38570, CVE-2024-42160, CVE-2024-26787,
CVE-2024-27012, CVE-2024-26677)
OSV
linux-raspi vulnerabilities
osv·2024-10-01·CVSS 5.5
CVE-2021-47188 linux-raspi vulnerabilities
linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Modular ISDN driver;
- MMC subsystem;
- SCSI drivers;
- F2FS file system;
- GFS2 file system;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-42160, CVE-2024-42228, CVE-2022-48863,
CVE-2024-26677, CVE-2024-26787, CVE-2024-38570, CVE-2024-39494,
CVE-2022-48791, CVE-2024-27012)
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.
osv·2024-09-18·CVSS 5.5
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Modular ISDN driver;
- MMC subsystem;
- SCSI drivers;
- F2FS file system;
- GFS2 file system;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2021-47188, CVE-2024-27012, CVE-2024-42228, CVE-2022-48791,
CVE-2024-39494, CVE-2022-48863, CVE-2024-26787, CVE-2024-42160,
CVE-2024-38570, CVE-2024-26677)
GHSA
GHSA-xx4w-vp73-2842: A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6
ghsa_unreviewed·2022-05-24
CVE-2021-26677 [HIGH] CWE-269 GHSA-xx4w-vp73-2842: A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6
A local authenticated escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users on a Windows platform to elevate their privileges. A successful exploit could allow an attacker to execute arbitrary code with SYSTEM level privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-02-23
Published