CVE-2021-3621 Information

Description

A flaw was found in SSSD where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, for example via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://sssd.io/release-notes/sssd-2.6.0.html
https://bugzilla.redhat.com/show_bug.cgi?id=1975142

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
