Cyber Resilience

CVE-2021-27285

HighPublic PoC

Published: 06 January 2025

Published
06 January 2025
Modified
05 September 2025
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0020 42.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-27285 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Inspur Clusterengine. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 42.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-27285 is a vulnerability discovered in Inspur ClusterEngine version 4.0. The issue enables attackers to escalate local privileges and execute arbitrary commands by targeting the /opt/tsce4/torque6/bin/getJobsByShell component. It is associated with CWE-276 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

A local attacker requires only local access to the system, with no privileges, low attack complexity, and no user interaction needed to exploit the vulnerability. Upon successful exploitation, the attacker can achieve privilege escalation, allowing execution of arbitrary commands with elevated permissions.

Mitigation details and further technical information, including potential patches or workarounds, are available in the referenced GitHub repository at https://github.com/fjh1997/CVE-2021-27285.

EU & UK References

Vulnerability details

An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local unauthenticated privilege escalation vulnerability enabling arbitrary command execution with elevated rights via exploitation of a misconfigured binary component.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21532Shared CWE-276
CVE-2025-24176Shared CWE-276
CVE-2025-1789Shared CWE-276
CVE-2024-43769Shared CWE-276
CVE-2025-0543Shared CWE-276
CVE-2018-9434Shared CWE-276
CVE-2025-7024Shared CWE-276
CVE-2025-24267Shared CWE-276
CVE-2026-25203Shared CWE-276
CVE-2018-9401Shared CWE-276

Affected Assets

inspur
clusterengine
4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of the specific privilege escalation flaw in /opt/tsce4/torque6/bin/getJobsByShell to prevent local attacker exploitation.

prevent

Enforces least privilege to prevent unprivileged local attackers (PR:N) from escalating to elevated permissions via the vulnerable binary.

prevent

Establishes secure configuration settings, such as restrictive permissions on the getJobsByShell binary, to address CWE-276 incorrect default permissions.

References