ID CVE-2021-41617
Summary sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
Vulnerable Configurations
  • cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.2:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.3:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.4:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.5:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.6:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.7:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.8:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.9:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.1:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.2:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.2:p2:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.3:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.4:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.5:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.5:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.6:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.6:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.7:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.7:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.8:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.8:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.9:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:7.9:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.0:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.1:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.1:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.3:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.3:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.5:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.6:p1:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.7:-:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:8.7:p1:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 26-12-2023 - 04:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
Last major update 26-12-2023 - 04:15
Published 26-09-2021 - 19:15
Last modified 26-12-2023 - 04:15