CVE-2021-28041 Report - Details, Severity, & Advisories

Twingate Team

Jun 6, 2024

What is CVE-2021-28041?

CVE-2021-28041 is a high-severity vulnerability affecting ssh-agent in OpenSSH before version 8.5. Systems running OpenSSH before this version, including specific configurations of Fedora Project, Oracle, and NetApp products, are at risk. This vulnerability could potentially allow a remote attacker to execute arbitrary code or cause a Denial of Service condition. It is crucial for organizations to update their systems to the latest version of OpenSSH to mitigate this security risk.

Who is impacted by this?

The CVE-2021-28041 vulnerability affects users of OpenSSH before version 8.5, including those using Fedora Project Fedora 33 and 34, NetApp Cloud Backup, NetApp HCI Management Node, NetApp Solidfire, Oracle Communications Offline Mediation Controller 12.0.0.3.0, and Oracle ZFS Storage Appliance 8.8. Specifically, OpenSSH versions from 8.2 up to (excluding) 8.5 are impacted.

What to do if CVE-2021-28041 affected you

If you're affected by the CVE-2021-28041 vulnerability, it's important to update your systems to mitigate the risk. Follow these steps:

  1. For Fedora 33 users, run the command: su -c 'dnf upgrade --advisory FEDORA-2021-1d3698089d'

  2. For Fedora 34 users, run the command: su -c 'dnf upgrade --advisory FEDORA-2021-f68a5a75ba'

  3. For Gentoo users, run these commands:

    • emerge --sync

    • emerge --ask --oneshot --verbose ">=net-misc/openssh-8.5_p1"

By updating your systems, you can protect against this high-severity vulnerability and maintain a secure remote work environment.
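To triage hosts before or after applying the updates above, the following added example (not part of the original report or of OpenSSH) classifies an `ssh -V` banner against the range this page gives, 8.2 up to (excluding) 8.5. The function name and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Classify an OpenSSH version banner against the affected range stated on
# this page for CVE-2021-28041: 8.2 <= version < 8.5.
# Prints one of: affected | not-affected | unknown
classify_openssh_banner() {
    banner=$1
    # Extract "major minor" from e.g. "OpenSSH_8.4p1, OpenSSL 1.1.1k ..."
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo "unknown"          # banner did not contain a parsable version
        return 0
    fi
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -eq 8 ] && [ "$minor" -ge 2 ] && [ "$minor" -lt 5 ]; then
        echo "affected"
    else
        echo "not-affected"
    fi
    return 0
}

# Constructed sample banners (not captured from real hosts).
for sample in \
    "OpenSSH_8.1p1, OpenSSL 1.1.1d  10 Sep 2019" \
    "OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020" \
    "OpenSSH_8.4p1, OpenSSL 1.1.1k  25 Mar 2021" \
    "OpenSSH_8.5p1, OpenSSL 1.1.1k  25 Mar 2021" \
    "no version string here"
do
    printf '%-45s -> %s\n' "$sample" "$(classify_openssh_banner "$sample")"
done

# On a live host, ssh -V writes its banner to stderr:
#   classify_openssh_banner "$(ssh -V 2>&1)"
```

Distribution packages can carry a backported fix under an unchanged upstream version string, so treat an "affected" result as a prompt to check the installed package against the vendor advisory rather than as proof of exposure.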

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-28041 vulnerability, also known as Double Free in ssh-agent in OpenSSH before 8.5, is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

This vulnerability is classified as CWE-415 (Double Free), affecting ssh-agent in OpenSSH before version 8.5.

Learn More

For more information about the CVE-2021-28041 vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
