Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2021-44225

Published: 26/11/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Subscribe to Keepalived

Vulnerability Summary

In Keepalived up to and including 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

keepalived keepalived

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update
Synopsis Important: OpenShift Container Platform 4110 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Co ...
Amazon Linux 2: ALAS2-2023-2168
A flaw was found in keepalived, where an improper authentication vulnerability allows an unprivileged user to change properties that could lead to an access-control bypass (CVE-2021-44225) ...
Arch Linux Issues:
In Keepalived through 224, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property ...
Amazon Linux 2022: ALAS2022-2022-038
A flaw was found in keepalived, where an improper authentication vulnerability allows an unprivileged user to change properties that could lead to an access-control bypass (CVE-2021-44225) ...

References

NVD-CWE-Otherhttps://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3dhttps://github.com/acassen/keepalived/pull/2063https://lists.debian.org/debian-lts-announce/2023/04/msg00012.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/https://access.redhat.com/errata/RHSA-2022:5069https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2023-2168.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgeryCVE-2024-34351CVE-2024-1076CVE-2024-25522CVE-2024-34547CVE-2024-4644unauthorizedremoteCVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook