CVE-2021-3560 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3560 PUBLISHED KEV

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

EPSS 11.74% · 93.6th percentile

Risk Scores

EPSS Score

11.74%

93.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:22.04:LTS	policykit-1	0
Ubuntu:20.04:LTS	policykit-1	0, 0.105-26ubuntu1

Timeline

Jun 3, 2021 CVE Published
Jun 15, 2021 PoC Published
Jul 10, 2021 PoC Published
Feb 17, 2022 EPSS Score
Jul 15, 2022 EPSS Score
Nov 15, 2022 EPSS Score
May 12, 2023 CISA KEV Added
May 13, 2023 EPSS Score
Mar 19, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Mar 30, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2021-3560 third-party-advisory
https://ubuntu.com/security/notices/USN-4980-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2021-3560 third-party-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory

Open in Interactive Console →