Multiple Privilege Escalation Vulnerabilities Pihole
CVE-2021-29449

6.3MEDIUM

Key Information:

Vendor

Pi-hole

Status
Pi-hole
Vendor
CVE Published:
14 April 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 11%

What is CVE-2021-29449?

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.

Affected Version(s)

pi-hole <= 5.2.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2021-29449
Created by Rapid7

References

https://github.com/pi-hole/pi-hole/security/advisories/GH...
x_refsource_CONFIRM
https://www.compass-security.com/fileadmin/Research/Advis...
x_refsource_MISC
http://packetstormsecurity.com/files/163715/Pi-Hole-Remov...
x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.