CVE-2021-3560

Description from NVD

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Information Acquisition Date: 2023-02-12T12:30Z
CVSS 2.0: 7.2 HIGH
CVSS 3.x: 7.8 HIGH

CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD References

 https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
     source:MISC
     tags:Exploit    Third Party Advisory    
 https://bugzilla.redhat.com/show_bug.cgi?id=1961710
     source:MISC
     tags:Issue Tracking    Patch    Vendor Advisory    

This vulnerability may involve a PoC.

Description from Forti

RHSA-2021:2238-Security Advisory

Information Acquisition Date: 2022/12/31

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE Information | Exploits or more Information
mitre | EXPLOIT DATABASE
NVD | 0day.today
vulmon.com | github
CVE Details | Twitter
JVN ENG JPN | Reconshell

Software Tag: Linux (2 tweets)



List of frequently cited URLs

URL Num of Times Referred to
http://vulmon.com/vulnerabilitydetails?qid=CVE-2021-3560 1786
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... 188
http://twinybots.ch 39
https://securityaffairs.co/wordpress/118877/security/polkit... 7
https://twitter.com/GHSecurityLab/status/1403022518529761285 6
https://www.youtube.com/watch?v=QZhz64yEd0g 5
https://github.blog/2021-06-10-privilege-escalation-polkit-... 4
https://thehackernews.com/2021/06/7-year-old-polkit-flaw-le... 4
https://ift.tt/jNsmJdz9y 3
https://github.com/swapravo/polkadots 3
https://tryhackme.com/room/polkit 3
http://noahblog.360.cn/a-new-exploit-method-for-cve-2021-35... 3
https://access.redhat.com/security/cve/CVE-2021-3560 3
https://www.hackplayers.com/2021/06/escalado-de-privilegios... 3
https://www.hackingarticles.in/linux-privilege-escalation-p... 3
https://packetstormsecurity.com/files/165230 3
https://www.bleepingcomputer.com/news/security/linux-system... 3

Information from Twitter

User URL Info Source Date
0xor0ne https://github.blog/2021-06-10-privilege-escalation-polkit-... Source 0xor0ne          1624490971521073159 2023/02/12
0xor0ne https://twitter.com/0xor0ne/status/1624490971521073159/photo/1 Source 0xor0ne          1624490971521073159 2023/02/12
ipssignatures https://twitter.com/0xor0ne/status/1624490971521073159 Source ipssignatures    1624530215283175425 2023/02/12
ipssignatures https://twitter.com/0xor0ne/status/1624490971521073159 Source ipssignatures    1624742128927514625 2023/02/12
CVEtrends https://cvetrends.com Source CVEtrends        1624770308061241345 2023/02/12
ipssignatures https://twitter.com/0xor0ne/status/1624490971521073159 Source ipssignatures    1624832719942217732 2023/02/13
ipssignatures https://twitter.com/0xor0ne/status/1624490971521073159 Source ipssignatures    1625134707959648256 2023/02/13
ipssignatures https://twitter.com/0xor0ne/status/1624490971521073159 Source ipssignatures    1625164901797834752 2023/02/14

GitHub Search Results: Up to 10
Name URL
Almorabea/Polkit-exploit https://github.com/Almorabea/Polkit-exploit
secnigma/CVE-2021-3560-Polkit-Privilege-Esclation https://github.com/secnigma/CVE-2021-3560-Polkit-Privilege-Esclation
RicterZ/CVE-2021-3560-Authentication-Agent https://github.com/RicterZ/CVE-2021-3560-Authentication-Agent
swapravo/polkadots https://github.com/swapravo/polkadots
hakivvi/CVE-2021-3560 https://github.com/hakivvi/CVE-2021-3560
WinMin/CVE-2021-3560 https://github.com/WinMin/CVE-2021-3560
0dayNinja/CVE-2021-3560 https://github.com/0dayNinja/CVE-2021-3560
AssassinUKG/Polkit-CVE-2021-3560 https://github.com/AssassinUKG/Polkit-CVE-2021-3560
chenaotian/CVE-2021-3560 https://github.com/chenaotian/CVE-2021-3560
BizarreLove/CVE-2021-3560 https://github.com/BizarreLove/CVE-2021-3560

2023/02/14 Score : 0
Added Har-sia Database : 2021/06/03
Last Modified : 2023/02/14
Highest Scored Date : 2021/06/12
Highest Score : 36