CVE-2021-36795

Published: Aug 6, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges.

Affected (4)

Products: Cohesity: Linux Agent

Cohesity

1 product

Linux Agent

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cohesity Linux Agent	From 6.5.1b to 6.5.1d
Cohesity Linux Agent	From 6.6.0a to 6.6.0b
Cohesity Linux Agent	Version 6.5.1d hotfix10
Cohesity Linux Agent	Version 6.6.0b hotfix1

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-36795.md

Source: cve@mitre.org

Third Party Advisory

https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-36795.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.