High severity7.0NVD Advisory· Published Sep 26, 2021· Updated May 12, 2026

CVE-2021-41617

Description

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Affected products

NetApp/Active Iq Unified Manager
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
NetApp/Clustered Data Ontap
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
NetApp/Hci Management Node
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
NetApp/Ontap Select Deploy Administration Utility
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
NetApp/Solidfire
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
OpenBSD/OpenSSH
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Range: >=6.2,<8.8
Oracle Corporation/Http Server3 versions
cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:http_server:12.2.1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
Oracle Corporation/Zfs Storage Appliance Kit
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Starwindsoftware/Starwind Virtual San
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8r13:14398:*:*:*:*:*:*
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
NetApp/Aff 500f Firmware
cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
NetApp/Aff A250 Firmware
cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
OpenSSH/OpenSSHdescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.suse.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party Advisory
security.netapp.com/advisory/ntap-20211014-0004/nvdThird Party Advisory
www.openssh.com/security.htmlnvdVendor Advisory
www.openssh.com/txt/release-8.8nvdRelease NotesVendor Advisory
www.openwall.com/lists/oss-security/2021/09/26/1nvdMailing ListThird Party Advisory
www.oracle.com/security-alerts/cpujul2022.htmlnvdThird Party Advisory
www.starwindsoftware.com/security/sw-20220805-0001/nvdThird Party Advisory
cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
lists.debian.org/debian-lts-announce/2023/12/msg00017.htmlnvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/nvd
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/nvd
www.debian.org/security/2023/dsa-5586nvd
www.tenable.com/plugins/nessus/154174nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000