Local Privilege Escalation Vulnerability in Dogtag Certificate System by Red Hat
CVE-2021-3551

7.8 HIGH

Key Information:

Vendor:
Dogtagpki
CVE Published:
16 February 2022

What is CVE-2021-3551?

A local privilege escalation vulnerability exists in the Dogtag Certificate System because of a flaw in the pkispawn command when it is executed in debug mode. A local attacker can read the installation log file, which may contain administrator credentials. With those credentials the attacker could gain unauthorized access to the Dogtag CA manager, compromising the confidentiality of sensitive information.

Affected Version(s)

pki-server pki-core 10.10.6

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
