PwnKit/CVE-2021-4034 Exploited in the Wild

  |  Source: 
Information & Technology

PwnKit/CVE-2021-4034 Exploited in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has added the PwnKit/CVE-2021-4034 vulnerability to its exploited vulnerabilities catalog. The local privilege escalation vulnerability was identified in January 2022, by researchers at Qualys. The vulnerability impacts all major Linux distributions including Ubuntu, Debian, Fedora, and CentOS. NIST describes the  vulnerability as, "An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine." CISA has given all organizations, including all Federal Civilian Executive Branch Agencies (FCEB) agencies, the deadline of July 18th to patch the vulnerability.


Get trending threats published weekly by the Anvilogic team.

Sign Up Now