1. CVE-Search
  2. CVE-2021-25321
ID CVE-2021-25321
Summary A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
References
Vulnerable Configurations
  • cpe:2.3:a:suse:arpwatch:-:*:*:*:*:*:*:*
    cpe:2.3:a:suse:arpwatch:-:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*
  • cpe:2.3:a:suse:arpwatch:2.1a15:*:*:*:*:*:*:*
    cpe:2.3:a:suse:arpwatch:2.1a15:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:arpwatch:2.1a15-169.5:*:*:*:*:*:*:*
    cpe:2.3:a:suse:arpwatch:2.1a15-169.5:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*
    cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:arpwatch:2.1a15-lp152.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:suse:arpwatch:2.1a15-lp152.5.5:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 22-06-2023 - 19:09)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
Last major update 22-06-2023 - 19:09
Published 30-06-2021 - 09:15
Last modified 22-06-2023 - 19:09
Back to Top