{
"request": {
"index": "exploits",
"id_type": "cve",
"id": "CVE-2021-4034",
"time": 1668730962
},
"exploit_found": true,
"max_exploit_maturity": "weaponized",
"reported_exploited_in_the_wild": true,
"reported_exploited_by_named_threat_actors": true,
"reported_exploited_by_ransomware": false,
"reported_exploited_by_botnets": true,
"timeline": {
"nvd_published": "2022-01-28",
"first_exploit_published": "2022-01-25",
"first_exploit_poc_or_higher": "2022-01-25",
"first_exploit_weaponized_or_higher": "2022-01-26",
"most_recent_exploit_published": "2022-10-13",
"first_reported_threat_actor": "2022-06-15",
"most_recent_reported_threat_actor": "2022-06-15",
"first_reported_botnet": "2022-06-07",
"most_recent_reported_botnet": "2022-06-07",
"cisa_kev_date_added": "2022-06-27",
"cisa_kev_date_due": "2022-07-18"
},
"trending": {
"github": false
},
"epss": {
"epss_score": 0.04106,
"epss_percentile": 0.85584
},
"counts": {
"exploits": 51,
"threat_actors": 1,
"botnets": 1
},
"exploits": [
{
"url": "https://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html",
"name": "Polkit pkexec Local Privilege Escalation",
"refsource": "packetstorm",
"date_added": "2022-03-03",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://github.com/fdellwing/CVE-2021-4034",
"name": "fdellwing/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/chenaotian/CVE-2021-4034",
"name": "chenaotian/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/navisec/CVE-2021-4034-PwnKit",
"name": "navisec/CVE-2021-4034-PwnKit exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-30",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/v-rzh/CVE-2021-4034",
"name": "v-rzh/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-29",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/Pixailz/CVE-2021-4034",
"name": "Pixailz/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-10-10",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/zhzyker/CVE-2021-4034",
"name": "zhzyker/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://gitlab.com/RekGRpth/CVE-2021-4034",
"name": "RekGRpth/CVE-2021-4034 exploit repository",
"refsource": "gitlab-exploits",
"date_added": "2022-03-03",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"name": "A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"refsource": "nvd",
"date_added": "2022-01-28",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://github.com/rapid7/metasploit-framework",
"name": "Local Privilege Escalation in polkits pkexec",
"refsource": "metasploit",
"date_added": "2022-01-26",
"exploit_maturity": "weaponized",
"exploit_availability": "publicly-available"
},
{
"url": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/linux_pkexec_argc",
"name": "linux_pkexec_argc",
"refsource": "canvas",
"date_added": "2022-05-01",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available"
},
{
"url": "https://github.com/ck00004/CVE-2021-4034",
"name": "ck00004/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-02-15",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/robemmerson/CVE-2021-4034",
"name": "robemmerson/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/joeammond/CVE-2021-4034",
"name": "joeammond/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://github.com/ayypril/CVE-2021-4034",
"name": "ayypril/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/clubby789/CVE-2021-4034",
"name": "clubby789/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/HrishitJoshi/CVE-2021-4034",
"name": "HrishitJoshi/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-02-02",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://packetstormsecurity.com/files/165729/Polkit-pkexec-CVE-2021-4034-Local-Root.html",
"name": "Polkit pkexec CVE-2021-4034 Local Root",
"refsource": "packetstorm",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://packetstormsecurity.com/files/165727/Polkit-pkexec-CVE-2021-4034-Local-Root.html",
"name": "Polkit pkexec CVE-2021-4034 Local Root",
"refsource": "packetstorm",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://github.com/dadvlingd/-CVE-2021-4034",
"name": "dadvlingd/-CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/dzonerzy/poc-cve-2021-4034",
"name": "dzonerzy/poc-cve-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/arthepsy/CVE-2021-4034",
"name": "arthepsy/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/ly4k/PwnKit",
"name": "ly4k/PwnKit exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/Ankit-Ojha16/CVE-2021-4034",
"name": "Ankit-Ojha16/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-02-02",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/mtthwstffrd/berdav-CVE-2021-4034",
"name": "mtthwstffrd/berdav-CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-03-23",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://packetstormsecurity.com/files/165739/PolicyKit-1-0.105-31-Privilege-Escalation.html",
"name": "PolicyKit-1 0.105-31 Privilege Escalation",
"refsource": "packetstorm",
"date_added": "2022-01-27",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"name": "Red Hat Polkit Out-of-Bounds Read and Write Vulnerability",
"refsource": "cisa-known-exploited-vulnerabilities",
"date_added": "2022-06-27",
"exploit_maturity": "weaponized",
"exploit_availability": "privately-available"
},
{
"url": "https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html",
"name": "Alchimist: A new attack framework in Chinese for Mac, Linux and Windows",
"refsource": "blogs",
"date_added": "2022-10-13",
"exploit_maturity": "weaponized",
"exploit_availability": "privately-available"
},
{
"url": "https://github.com/An00bRektn/CVE-2021-4034",
"name": "An00bRektn/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/EstamelGG/CVE-2021-4034-NoGCC",
"name": "EstamelGG/CVE-2021-4034-NoGCC exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-28",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/Al1ex/CVE-2021-4034",
"name": "Al1ex/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-27",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/phvilasboas/CVE-2021-4034",
"name": "phvilasboas/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/Ayrx/CVE-2021-4034",
"name": "Ayrx/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/berdav/CVE-2021-4034",
"name": "berdav/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-25",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://gitlab.com/Tramadol/cve-2021-4034",
"name": "Tramadol/cve-2021-4034 exploit repository",
"refsource": "gitlab-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/x04000/CVE-2021-4034",
"name": "x04000/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-02-13",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://packetstormsecurity.com/files/165728/Polkit-pkexec-CVE-2021-4034-Proof-Of-Concept.html",
"name": "Polkit pkexec CVE-2021-4034 Proof Of Concept",
"refsource": "packetstorm",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://my.saintcorporation.com/cgi-bin/exploit_info/polkit_pkexec_priv_elev",
"name": "Polkit pkexec privilege elevation",
"refsource": "saint",
"date_added": "2022-01-27",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available"
},
{
"url": "https://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html",
"name": "Polkit pkexec Privilege Escalation",
"refsource": "packetstorm",
"date_added": "2022-03-04",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html",
"name": "A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"refsource": "nvd",
"date_added": "2022-01-28",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://github.com/Rvn0xsy/CVE-2021-4034",
"name": "Rvn0xsy/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-28",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/CYB3RK1D/CVE-2021-4034-POC",
"name": "CYB3RK1D/CVE-2021-4034-POC exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-28",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/OxWeb4/CVE-2021-4034-",
"name": "OxWeb4/CVE-2021-4034- exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-29",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/nikaiw/CVE-2021-4034",
"name": "nikaiw/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/n3onhacks/CVE-2021-4034",
"name": "n3onhacks/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-28",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/luijait/PwnKit-Exploit",
"name": "luijait/PwnKit-Exploit exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/san3ncrypt3d/CVE-2021-4034-POC",
"name": "san3ncrypt3d/CVE-2021-4034-POC exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/ryaagard/CVE-2021-4034",
"name": "ryaagard/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-25",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/artemis-mike/cve-2021-4034",
"name": "artemis-mike/cve-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-26",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/Hifumi1337/CVE-2021-4034",
"name": "Hifumi1337/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-03-16",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
},
{
"url": "https://github.com/PwnFunction/CVE-2021-4034",
"name": "PwnFunction/CVE-2021-4034 exploit repository",
"refsource": "github-exploits",
"date_added": "2022-01-27",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "local"
}
],
"threat_actors": [
{
"threat_actor_name": "DriftingCloud",
"cve_references": [
{
"url": "https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/",
"date_added": "2022-06-15",
"cve": [
"CVE-2021-4034",
"CVE-2022-1040"
]
}
]
}
],
"botnets": [
{
"botnet_name": "Hezb",
"malpedia_url": "https://malpedia.caad.fkie.fraunhofer.de/actor/hezb",
"cve_references": [
{
"url": "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/",
"date_added": "2022-06-07",
"cve": [
"CVE-2021-4034",
"CVE-2022-26134",
"CVE-2022-29464"
]
}
]
}
]
}