CVE-2021-25321 — Vulnetix

CVE-2021-25321 PUBLISHED

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.

EPSS 0.03% · 9.2th percentile

Risk Scores

EPSS Score

0.03%

9.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	arpwatch	0, 2.1a15-2

Exploit Intelligence

https://bugzilla.suse.com/show_bug.cgi?id=1186240 (nist-nvd)

Timeline

Jun 30, 2021 CVE Published
Jul 1, 2021 EPSS Score
Aug 30, 2021 EPSS Score
Oct 29, 2021 EPSS Score
Dec 28, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 27, 2022 EPSS Score
Aug 27, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 25, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-25321 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-25321 third-party-advisory

Open in Interactive Console →