CVE-2021-41617

Advisory lineage Upstream: 0 Downstream: 19

Downstream

ALPINE-CVE-2021-41617 DEBIAN-CVE-2021-41617 DLA-3694-1 MGASA-2021-0561 OPENSUSE-SU-2021:3950-1 OPENSUSE-SU-2024:13842-1

Modified

Published: 26 Sept 2021, 00:00

Last modified:12 May 2026, 10:12

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7 HIGH

v3.1 (nvd)

EPSS Score

0.27% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Sept 2021, 00:00

Published

Vulnerability first disclosed

12 May 2026, 10:12

Last Modified

Vulnerability information updated

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

CVSS Metrics

v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 4.4AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.27%• Percentile: 51%

Affected Systems

fedoraproject•fedora
33 | 34 | 35
netapp•active_iq_unified_manager
na
netapp•aff_500f_firmware
na
netapp•aff_a250_firmware
na
netapp•clustered_data_ontap
na
netapp•hci_management_node
na
netapp•ontap_select_deploy_administration_utility
na
netapp•solidfire
na
openbsd•openssh
≥ 6.2, < 8.8
oracle•http_server
12.2.1.2.0 | 12.2.1.3.0 | 12.2.1.4.0
oracle•zfs_storage_appliance_kit
8.8
starwindsoftware•starwind_virtual_san
v8r13:14398