COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-4034

CVE-2021-4034

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2022-06-27
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-4034
⌖ exploited in the wild shame 50/100 exploited-in-wild

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

Players implicated

Red Hat · vendorPolkit · product

Description

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Red Hat OpenShift Service on AWS (ROSA) Red Hat In Process vendor-exact · 0.90