CVE-2021-3560
Published: May 12, 2023
Official Description
Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
CISA KEV Advisory
Red Hat Polkit Incorrect Authorization Vulnerability
Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
Apply updates per vendor instructions.
Risk Analysis
This incorrect authorization vulnerability in Red Hat Polkit allows privilege escalation by bypassing credential checks for D-Bus requests, so an attacker with local access could gain elevated privileges on the system. The high severity and confirmed exploitation in the wild make this an urgent concern.
The vulnerability has been actively exploited in the wild and is listed in CISA's KEV catalog, confirming that threat actors are leveraging this flaw and that the likelihood of successful attacks is high.
Apply the latest security updates for Red Hat Polkit to address this privilege escalation vulnerability, and verify after patching that authorization policies for D-Bus requests are enforced as intended.
Technical Analysis
CVE-2021-3560 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CISA has added CVE-2021-3560 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2021-3560 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts
- CISA KEV: Federal agencies must patch per BOD 22-01 timeline
- Active exploitation confirmed: treat as P1