⚠ Actively exploited

Added to CISA KEV on 2023-05-12. Federal agencies required to patch by 2023-06-02. Required action: Apply updates per vendor instructions..

CVE-2021-3560 — Incorrect Authorization in Project Polkit

CWE-863 — Incorrect Authorization CWE-754 — Improper Check for Unusual or Exceptional Conditions11 documents11 sources

Severity

7.8HIGHNVD

EPSS

10.9%

top 6.59%

CISA KEV

KEV

Added 2023-05-12

Due 2023-06-02

Exploit

Exploited in wild

Active exploitation observed

Affected products

Polkit Project Polkit Canonical Ubuntu Linux Debian Linux +3 more

Timeline

PublishedFeb 16

KEV addedMay 12

KEV dueJun 2

CISA Required Action: Apply updates per vendor instructions.

Description

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDpolkit_project/polkit< 0.119

▶CVEListV5polkit_project/polkitpolkit 0.119

▶NVDredhat/virtualization4.0

▶NVDredhat/virtualization_host4.0

Also affects: Debian Linux 11.0, Ubuntu Linux 20.04, Openshift Container Platform 4.7

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-7c49-j253-wq5r: It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the ro↗2022-02-17

▶

OSV

CVE-2021-3560: It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the ro↗2022-02-16

▶

CVEList

CVE-2021-3560: It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the ro↗2022-02-16

▶

VulnCheck

Red Hat Polkit Incorrect Authorization Vulnerability↗2021

▶

💥Exploits & PoCs

Exploit-DB

Polkit 0.105-26 0.117-2 - Local Privilege Escalation↗2021-06-15

▶

📋Vendor Advisories

CISA

Red Hat Polkit Incorrect Authorization Vulnerability↗2023-05-12

▶

Microsoft

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged↗2022-02-08

▶

Red Hat

polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync()↗2021-06-03

▶

Ubuntu

polkit vulnerability↗2021-06-03

▶

Debian

CVE-2021-3560: policykit-1 - It was found that polkit could be tricked into bypassing the credential checks f...↗2021

▶