CVE-2021-25321
Published: Jun 30, 2021
Modified: Sep 16, 2024
CVSS v3.1
7.8
Description
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
| Vendor | Product | Versions |
|---|---|---|
SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS | affected arpwatch - < 2.1a15 |
SUSE | SUSE Manager Server 4.0 | affected arpwatch - < 2.1a15 |
SUSE | SUSE OpenStack Cloud Crowbar 9 | affected arpwatch - < 2.1a15 |
openSUSE | Factory | affected arpwatch - <= 2.1a15-169.5 |
openSUSE | Leap 15.2 | affected arpwatch - <= 2.1a15-lp152.5.5 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now