Cyber Resilience

CVE-2021-41617

High · Updated

Published: 26 September 2021

Modified: 12 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0027 (51.1th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-41617 is a high-severity vulnerability of unspecified weakness type in Fedoraproject Fedora. Its CVSS base score is 7.0 (High).

Operationally, it is ranked in the top 48.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Versions
openbsd · openssh · 6.2 — 8.8
fedoraproject · fedora · 33, 34, 35
netapp · active iq unified manager · all versions
netapp · clustered data ontap · all versions
netapp · hci management node · all versions
netapp · ontap select deploy administration utility · all versions
netapp · solidfire · all versions
netapp · aff a250 firmware · all versions
netapp · aff 500f firmware · all versions
oracle · http server · 12.2.1.2.0, 12.2.1.3.0, 12.2.1.4.0
+2 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References