CVE-2021-36795

HIGH

Cohesity Linux Agent < 6.5.1d - Incorrect Default Permissions

Title source: rule

Description

A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://github.com/cohesity/SecAdvisory/blob/master/CVE-2021-36795.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0021

EPSS Percentile 11.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (3)

cohesity/linux_agent 6.5.1d hotfix10

cohesity/linux_agent 6.6.0b hotfix1

cohesity/linux_agent 6.5.1b - 6.5.1d

Published Aug 06, 2021

Tracked Since Feb 18, 2026