Vulnerability Details CVE-2021-25321
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2021-25321
-
cpe:2.3:a:opensuse:factory:-
-
cpe:2.3:a:suse:arpwatch:-
-
cpe:2.3:a:suse:arpwatch:2.1a15
-
cpe:2.3:a:suse:arpwatch:2.1a15-169.5
-
cpe:2.3:a:suse:arpwatch:2.1a15-lp152.5.5
-
cpe:2.3:a:suse:manager_server:4.0
-
cpe:2.3:a:suse:openstack_cloud_crowbar:9.0
-
cpe:2.3:o:opensuse:leap:15.2
-
cpe:2.3:o:suse:linux_enterprise_server:11