CVE-2021-27285
Published: 06 January 2025
Summary
CVE-2021-27285 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Inspur Clusterengine. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 42.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2021-27285 is a vulnerability discovered in Inspur ClusterEngine version 4.0. The issue enables attackers to escalate local privileges and execute arbitrary commands by targeting the /opt/tsce4/torque6/bin/getJobsByShell component. It is associated with CWE-276 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.
A local attacker requires only local access to the system, with no privileges, low attack complexity, and no user interaction needed to exploit the vulnerability. Upon successful exploitation, the attacker can achieve privilege escalation, allowing execution of arbitrary commands with elevated permissions.
Mitigation details and further technical information, including potential patches or workarounds, are available in the referenced GitHub repository at https://github.com/fjh1997/CVE-2021-27285.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-14050
Vulnerability details
An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local unauthenticated privilege escalation vulnerability enabling arbitrary command execution with elevated rights via exploitation of a misconfigured binary component.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of the specific privilege escalation flaw in /opt/tsce4/torque6/bin/getJobsByShell to prevent local attacker exploitation.
Enforces least privilege to prevent unprivileged local attackers (PR:N) from escalating to elevated permissions via the vulnerable binary.
Establishes secure configuration settings, such as restrictive permissions on the getJobsByShell binary, to address CWE-276 incorrect default permissions.