CVE-2021-41617

HIGH

OpenSSH 6.2-8.x - Privilege Escalation via AuthorizedKeysCommand and AuthorizedPrincipalsCommand Helper Programs

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-41617. PoCs published by AdnanApriliyansyahh.

AI-analyzed exploit summary This PoC is a simple SSH banner grabber that checks if the target OpenSSH version is vulnerable to CVE-2021-41617. It does not exploit the vulnerability but scans for affected versions.

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Exploits (1)

nomisec SCANNER 2 stars

by AdnanApriliyansyahh · poc

https://github.com/AdnanApriliyansyahh/CVE-2021-41617

View Code ZIP pw:eip

This PoC is a simple SSH banner grabber that checks if the target OpenSSH version is vulnerable to CVE-2021-41617. It does not exploit the vulnerability but scans for affected versions.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: OpenSSH versions >=6.2 and <8.8

No auth needed

Prerequisites: Network access to the target's SSH port (default 22)

MITRE ATT&CK

T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15

Core References

Issue Tracking, Patch, Third Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1190975

Third Party Advisory

https://security.netapp.com/advisory/ntap-20211014-0004/

Vendor Advisory

https://www.openssh.com/security.html

Release Notes, Vendor Advisory

https://www.openssh.com/txt/release-8.8

Mailing List, Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/09/26/1

Patch, Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory

https://www.starwindsoftware.com/security/sw-20220805-0001/

Third Party Advisory

https://www.tenable.com/plugins/nessus/154174

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5586

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Scores

CVSS v3 7.0

EPSS 0.0237

EPSS Percentile 81.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (16)

fedoraproject/fedora 33

fedoraproject/fedora 34

fedoraproject/fedora 35

netapp/active_iq_unified_manager

netapp/aff_500f_firmware

netapp/aff_a250_firmware

netapp/clustered_data_ontap

netapp/hci_management_node

netapp/ontap_select_deploy_administration_utility

netapp/solidfire

... and 6 more

Published Sep 26, 2021

Tracked Since Feb 18, 2026