certfr_avis - certfr-2022-avi-223

CERTFR-2022-AVI-223

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs et de la mesure de contournement proposée (cf. section Documentation).

Séries UC-2100 micrologiciel versions 1.2 et antérieures
Séries UC-2100-W micrologiciel versions 1.2 et antérieures
Séries UC-3100 micrologiciel versions 1.1 et antérieures
Séries UC-5100 micrologiciel versions 1.3 et antérieures
Séries UC-8100A-ME-T micrologiciel versions 1.5 et antérieures
Séries V2406C micrologiciel versions 1.2 et antérieures
Séries V2403C micrologiciel versions 1.0 et antérieures
Séries MC-1220 micrologiciel versions 1.4 et antérieures
Séries DA-681C micrologiciel versions 1.1 et antérieures
Séries DA-682C micrologiciel versions 1.2 et antérieures
Séries DA-820C micrologiciel versions 1.2 et antérieures
Séries AIG-501 micrologiciel versions 1.1 et antérieures
Séries MPC-2070 micrologiciel versions 1.0 et antérieures
Séries MPC-2101 micrologiciel versions 1.0 et antérieures
Séries MPC-2120 micrologiciel versions 1.0 et antérieures
Séries MPC-2121 micrologiciel versions 1.0 et antérieures
Séries MPC-2190 micrologiciel versions 1.0 et antérieures
Séries MPC-2240 micrologiciel versions 1.0 et antérieures
Séries EXPC-1519 micrologiciel versions 1.0 et antérieures

L'éditeur ne propose pas de micrologiciel à installer pour la correction de la vulnérabilité identifiée CVE-2021-4034.
Une procédure est listée dans la partie Solution de l'avis et est à appliquer sur chaque équipement vulnérable.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa du 09 mars 2022	None	vendor-advisory
Bulletin d'actualité CERTFR-2022-ACT-004 du 31 janvier 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eS\u00e9ries UC-2100 micrologiciel versions 1.2 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries UC-2100-W micrologiciel versions 1.2 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries UC-3100 micrologiciel versions 1.1 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries UC-5100 micrologiciel versions 1.3 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries UC-8100A-ME-T micrologiciel versions 1.5 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries V2406C micrologiciel versions 1.2 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries V2403C micrologiciel versions 1.0 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries MC-1220 micrologiciel versions 1.4 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries DA-681C micrologiciel versions 1.1 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries DA-682C micrologiciel versions 1.2 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries DA-820C micrologiciel versions 1.2 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries AIG-501 micrologiciel versions 1.1 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries MPC-2070 micrologiciel versions 1.0 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries MPC-2101 micrologiciel versions 1.0 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries MPC-2120 micrologiciel versions 1.0 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries MPC-2121 micrologiciel versions 1.0 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries MPC-2190 micrologiciel versions 1.0 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries MPC-2240 micrologiciel versions 1.0 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eS\u00e9ries EXPC-1519 micrologiciel versions 1.0 et ant\u00e9rieures\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne propose pas de micrologiciel \u00e0 installer pour la correction de la vuln\u00e9rabilit\u00e9 identifi\u00e9e CVE-2021-4034.\u003cbr /\u003e Une proc\u00e9dure est list\u00e9e dans la partie Solution de l\u0027avis et est \u00e0 appliquer sur chaque \u00e9quipement vuln\u00e9rable.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs et de la mesure de contournement propos\u00e9e (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2021-4034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
    }
  ],
  "initial_release_date": "2022-03-09T00:00:00",
  "last_revision_date": "2022-03-09T00:00:00",
  "links": [
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTFR-2022-ACT-004 du 31 janvier 2022",
      "url": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2022-ACT-004/"
    }
  ],
  "reference": "CERTFR-2022-AVI-223",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Moxa. Elle permet \u00e0\nun attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa du 09 mars 2022",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/moxas-response-regarding-the-pwnkit-vulnerability"
    }
  ]
}

CVE-2021-4034 (GCVE-0-2021-4034)

Vulnerability from cvelistv5

Published

2022-01-28 00:00

Modified

2025-10-21 23:15

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - (|CWE-125)

Summary

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

References

URL

Tags

	https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
	https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
	https://bugzilla.redhat.com/show_bug.cgi?id=2025869
	https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
	https://www.oracle.com/security-alerts/cpuapr2022.html
	http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
	http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
	https://www.suse.com/support/kb/doc/?id=000020564
	https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
	https://www.starwindsoftware.com/security/sw-20220818-0001/
	https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/

Impacted products

	Vendor	Product	Version
	n/a	polkit	Version: all

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-23T18:05:54.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000020564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-4034",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-12T10:21:57.857346Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-06-27",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:48.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-06-27T00:00:00+00:00",
            "value": "CVE-2021-4034 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "polkit",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "(CWE-787|CWE-125)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-18T00:16:44.133Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
        },
        {
          "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
        },
        {
          "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
        },
        {
          "url": "https://www.suse.com/support/kb/doc/?id=000020564"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
        },
        {
          "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
        },
        {
          "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4034",
    "datePublished": "2022-01-28T00:00:00.000Z",
    "dateReserved": "2021-11-29T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:48.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2022-AVI-223

Vulnerability from certfr_avis

Solution

CVE-2021-4034 (GCVE-0-2021-4034)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature