Vulnerability details: VCID-ce8c-ym9j-aaaq
Vulnerability ID VCID-ce8c-ym9j-aaaq
Aliases CVE-2021-3156
Summary Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
cvssv3.1 7.8 http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
ssvc Attend http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
ssvc Attend http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
ssvc Attend http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
ssvc Attend http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
ssvc Attend http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
generic_textual High http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3156.html
rhas Important https://access.redhat.com/errata/RHSA-2021:0218
rhas Important https://access.redhat.com/errata/RHSA-2021:0219
rhas Important https://access.redhat.com/errata/RHSA-2021:0220
rhas Important https://access.redhat.com/errata/RHSA-2021:0221
rhas Important https://access.redhat.com/errata/RHSA-2021:0222
rhas Important https://access.redhat.com/errata/RHSA-2021:0223
rhas Important https://access.redhat.com/errata/RHSA-2021:0224
rhas Important https://access.redhat.com/errata/RHSA-2021:0225
rhas Important https://access.redhat.com/errata/RHSA-2021:0226
rhas Important https://access.redhat.com/errata/RHSA-2021:0227
rhas Important https://access.redhat.com/errata/RHSA-2021:0395
rhas Important https://access.redhat.com/errata/RHSA-2021:0401
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3156.json
epss 0.92019 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92159 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92164 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92188 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92322 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92325 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92348 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92473 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92631 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.96328 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.96365 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.96532 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1917684
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
cvssv3.1 7.8 http://seclists.org/fulldisclosure/2021/Feb/42
ssvc Attend http://seclists.org/fulldisclosure/2021/Feb/42
cvssv3.1 7.8 http://seclists.org/fulldisclosure/2021/Jan/79
ssvc Attend http://seclists.org/fulldisclosure/2021/Jan/79
cvssv3.1 7.8 http://seclists.org/fulldisclosure/2024/Feb/3
ssvc Attend http://seclists.org/fulldisclosure/2024/Feb/3
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://kc.mcafee.com/corporate/index?page=content&id=SB10348
ssvc Attend https://kc.mcafee.com/corporate/index?page=content&id=SB10348
cvssv3.1 7.8 https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
ssvc Attend https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
cvssv3.1 7.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
cvssv3.1 7.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-3156
cvssv3 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3156
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3156
archlinux Critical https://security.archlinux.org/AVG-1431
cvssv3.1 7.8 https://security.gentoo.org/glsa/202101-33
ssvc Attend https://security.gentoo.org/glsa/202101-33
cvssv3.1 7.8 https://security.netapp.com/advisory/ntap-20210128-0001/
ssvc Attend https://security.netapp.com/advisory/ntap-20210128-0001/
cvssv3.1 7.8 https://security.netapp.com/advisory/ntap-20210128-0002/
ssvc Attend https://security.netapp.com/advisory/ntap-20210128-0002/
cvssv3.1 7.8 https://support.apple.com/kb/HT212177
ssvc Attend https://support.apple.com/kb/HT212177
cvssv3.1 7.8 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
ssvc Attend https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
generic_textual High https://ubuntu.com/security/notices/USN-4705-1
generic_textual High https://ubuntu.com/security/notices/USN-4705-2
cvssv3.1 7.8 https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
ssvc Attend https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
cvssv3.1 7.8 https://www.debian.org/security/2021/dsa-4839
ssvc Attend https://www.debian.org/security/2021/dsa-4839
cvssv3.1 7.8 https://www.kb.cert.org/vuls/id/794544
ssvc Attend https://www.kb.cert.org/vuls/id/794544
cvssv3.1 7.8 https://www.openwall.com/lists/oss-security/2021/01/26/3
ssvc Attend https://www.openwall.com/lists/oss-security/2021/01/26/3
cvssv3.1 5.3 https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1 7.8 https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual MODERATE https://www.oracle.com/security-alerts/cpuapr2022.html
ssvc Attend https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1 5.3 https://www.oracle.com//security-alerts/cpujul2021.html
cvssv3.1 7.8 https://www.oracle.com//security-alerts/cpujul2021.html
generic_textual MODERATE https://www.oracle.com//security-alerts/cpujul2021.html
ssvc Attend https://www.oracle.com//security-alerts/cpujul2021.html
cvssv3.1 7.8 https://www.oracle.com/security-alerts/cpuoct2021.html
cvssv3.1 8.2 https://www.oracle.com/security-alerts/cpuoct2021.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpuoct2021.html
ssvc Attend https://www.oracle.com/security-alerts/cpuoct2021.html
cvssv3.1 7.8 https://www.sudo.ws/stable.html#1.9.5p2
ssvc Attend https://www.sudo.ws/stable.html#1.9.5p2
cvssv3.1 7.8 https://www.synology.com/security/advisory/Synology_SA_21_02
ssvc Attend https://www.synology.com/security/advisory/Synology_SA_21_02
cvssv3.1 7.8 https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
ssvc Attend https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/01/26/3
ssvc Attend http://www.openwall.com/lists/oss-security/2021/01/26/3
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/01/27/1
ssvc Attend http://www.openwall.com/lists/oss-security/2021/01/27/1
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/01/27/2
ssvc Attend http://www.openwall.com/lists/oss-security/2021/01/27/2
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/02/15/1
ssvc Attend http://www.openwall.com/lists/oss-security/2021/02/15/1
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/09/14/2
ssvc Attend http://www.openwall.com/lists/oss-security/2021/09/14/2
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2024/01/30/6
ssvc Attend http://www.openwall.com/lists/oss-security/2024/01/30/6
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2024/01/30/8
ssvc Attend http://www.openwall.com/lists/oss-security/2024/01/30/8
Reference id Reference type URL
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3156.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3156.json
https://api.first.org/data/v1/epss?cve=CVE-2021-3156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
http://seclists.org/fulldisclosure/2021/Feb/42
http://seclists.org/fulldisclosure/2021/Jan/79
http://seclists.org/fulldisclosure/2024/Feb/3
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://kc.mcafee.com/corporate/index?page=content&id=SB10348
https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
https://security.gentoo.org/glsa/202101-33
https://security.netapp.com/advisory/ntap-20210128-0001/
https://security.netapp.com/advisory/ntap-20210128-0002/
https://support.apple.com/kb/HT212177
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
https://ubuntu.com/security/notices/USN-4705-1
https://ubuntu.com/security/notices/USN-4705-2
https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
https://www.debian.org/security/2021/dsa-4839
https://www.kb.cert.org/vuls/id/794544
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.sudo.ws/stable.html#1.9.5p2
https://www.synology.com/security/advisory/Synology_SA_21_02
https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
http://www.openwall.com/lists/oss-security/2021/01/26/3
http://www.openwall.com/lists/oss-security/2021/01/27/1
http://www.openwall.com/lists/oss-security/2021/01/27/2
http://www.openwall.com/lists/oss-security/2021/02/15/1
http://www.openwall.com/lists/oss-security/2021/09/14/2
http://www.openwall.com/lists/oss-security/2024/01/30/6
http://www.openwall.com/lists/oss-security/2024/01/30/8
1917684 https://bugzilla.redhat.com/show_bug.cgi?id=1917684
ASA-202101-25 https://security.archlinux.org/ASA-202101-25
AVG-1431 https://security.archlinux.org/AVG-1431
cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:*
cpe:2.3:a:beyondtrust:privilege_management_for_unix\/linux:*:*:*:*:basic:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:beyondtrust:privilege_management_for_unix\/linux:*:*:*:*:basic:*:*:*
cpe:2.3:a:mcafee:web_gateway:10.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway:10.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:web_gateway:8.2.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway:8.2.17:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:web_gateway:9.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway:9.2.8:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.9.5:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.9.5:-:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.9.5:patch1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.9.5:patch1:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
CVE-2021-3156 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/49521.py
CVE-2021-3156 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/49522.c
CVE-2021-3156 https://nvd.nist.gov/vuln/detail/CVE-2021-3156
RHSA-2021:0218 https://access.redhat.com/errata/RHSA-2021:0218
RHSA-2021:0219 https://access.redhat.com/errata/RHSA-2021:0219
RHSA-2021:0220 https://access.redhat.com/errata/RHSA-2021:0220
RHSA-2021:0221 https://access.redhat.com/errata/RHSA-2021:0221
RHSA-2021:0222 https://access.redhat.com/errata/RHSA-2021:0222
RHSA-2021:0223 https://access.redhat.com/errata/RHSA-2021:0223
RHSA-2021:0224 https://access.redhat.com/errata/RHSA-2021:0224
RHSA-2021:0225 https://access.redhat.com/errata/RHSA-2021:0225
RHSA-2021:0226 https://access.redhat.com/errata/RHSA-2021:0226
RHSA-2021:0227 https://access.redhat.com/errata/RHSA-2021:0227
RHSA-2021:0395 https://access.redhat.com/errata/RHSA-2021:0395
RHSA-2021:0401 https://access.redhat.com/errata/RHSA-2021:0401
USN-4705-1 https://usn.ubuntu.com/4705-1/
USN-4705-2 https://usn.ubuntu.com/4705-2/
Data source Exploit-DB
Date added Feb. 3, 2021
Description Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (2)
Ransomware campaign use Unknown
Source publication date Feb. 3, 2021
Exploit type local
Platform multiple
Source update date Feb. 3, 2021
Data source Metasploit
Description A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.
Note
AKA:
  - Baron Samedit
SideEffects:
  - artifacts-on-disk
  - ioc-in-logs
Reliability:
  - repeatable-session
Stability:
  - crash-safe
Ransomware campaign use Unknown
Source publication date Jan. 26, 2021
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local/sudo_baron_samedit.rb
Data source KEV
Date added April 6, 2022
Description Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
Required action Apply updates per vendor instructions.
Due date April 27, 2022
Note
https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3156.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Feb/42
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Feb/42
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://seclists.org/fulldisclosure/2021/Feb/42

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://seclists.org/fulldisclosure/2021/Feb/42
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Jan/79
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Jan/79
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://seclists.org/fulldisclosure/2021/Jan/79

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://seclists.org/fulldisclosure/2021/Jan/79
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2024/Feb/3
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://seclists.org/fulldisclosure/2024/Feb/3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10348
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10348
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10348

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10348
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Exploitability (E): high, functional, unproven, proof_of_concept, not_defined
Access Vector (AV): local, adjacent_network, network
Access Complexity (AC): high, medium, low
Authentication (Au): multiple, single, none
Confidentiality Impact (C): none, partial, complete
Integrity Impact (I): none, partial, complete
Availability Impact (A): none, partial, complete

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202101-33
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202101-33
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://security.gentoo.org/glsa/202101-33

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://security.gentoo.org/glsa/202101-33
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20210128-0001/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20210128-0001/
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://security.netapp.com/advisory/ntap-20210128-0001/

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://security.netapp.com/advisory/ntap-20210128-0001/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20210128-0002/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20210128-0002/
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://security.netapp.com/advisory/ntap-20210128-0002/

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://security.netapp.com/advisory/ntap-20210128-0002/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT212177
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT212177
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://support.apple.com/kb/HT212177

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://support.apple.com/kb/HT212177
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4839
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4839
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.debian.org/security/2021/dsa-4839

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.debian.org/security/2021/dsa-4839
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.kb.cert.org/vuls/id/794544
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.kb.cert.org/vuls/id/794544
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.kb.cert.org/vuls/id/794544

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.kb.cert.org/vuls/id/794544
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.openwall.com/lists/oss-security/2021/01/26/3

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com//security-alerts/cpujul2021.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com//security-alerts/cpujul2021.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com//security-alerts/cpujul2021.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.oracle.com//security-alerts/cpujul2021.html

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.oracle.com//security-alerts/cpujul2021.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.oracle.com/security-alerts/cpuoct2021.html

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.sudo.ws/stable.html#1.9.5p2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.sudo.ws/stable.html#1.9.5p2
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.sudo.ws/stable.html#1.9.5p2

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.sudo.ws/stable.html#1.9.5p2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.synology.com/security/advisory/Synology_SA_21_02
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.synology.com/security/advisory/Synology_SA_21_02
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.synology.com/security/advisory/Synology_SA_21_02

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.synology.com/security/advisory/Synology_SA_21_02
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/01/26/3

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/01/27/1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/01/27/1
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/01/27/1

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/01/27/1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/01/27/2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/01/27/2
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/01/27/2

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/01/27/2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/02/15/1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/02/15/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/02/15/1

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/09/14/2
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/09/14/2

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/01/30/6
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2024/01/30/6
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/01/30/8
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2024/01/30/8
Exploit Prediction Scoring System (EPSS)
Percentile 0.99688
EPSS Score 0.92019
Published At May 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.