Hurd
CVE-2021-43414
HIGH
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access.
AnalysisAI
An issue was discovered in GNU Hurd before 0.9 20210404-9. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. Affected products include: Gnu Hurd. Version information: before 0.9.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
An issue was discovered in GNU Hurd before 0.9 20210404-9. Rated high severity (CVSS 8.8), this vulnerability is remotel
An issue was discovered in GNU Hurd before 0.9 20210404-9. Rated high severity (CVSS 7.8), this vulnerability is low att
An issue was discovered in GNU Hurd before 0.9 20210404-9. Rated high severity (CVSS 7.5), this vulnerability is remotel
Same weakness CWE-287 – Improper Authentication
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today