CVE-2021-38990 - OpenCVE

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Vios Aix

Configuration 1 [-]

OR	cpe:2.3:a:ibm:vios:3.1:::::::*
	cpe:2.3:o:ibm:aix:7.1:::::::*
	cpe:2.3:o:ibm:aix:7.2:::::::*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/212952	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6515496	Permissions Required Vendor Advisory
https://www.ibm.com/support/pages/node/6538700	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2022-01-06T00:00:00

Updated: 2022-01-07T17:55:27

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-38990

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-10T14:10:20.713

Modified: 2022-01-13T20:39:01.747

Link: CVE-2021-38990

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "AIX", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.1"}, {"status": "affected", "version": "7.2"}]}, {"product": "VIOS ", "vendor": "IBM", "versions": [{"status": "affected", "version": "3.1"}]}], "datePublic": "2022-01-06T00:00:00", "descriptions": [{"lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/UI:N/PR:N/S:U/A:H/AC:L/C:H/I:H/E:U/RL:O/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-07T17:55:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6515496"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6538700"}, {"name": "ibm-aix-cve202138990-code-exec (212952)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212952"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-01-06T00:00:00", "ID": "CVE-2021-38990", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AIX", "version": {"version_data": [{"version_value": "7.1"}, {"version_value": "7.2"}]}}, {"product_name": "VIOS ", "version": {"version_data": [{"version_value": "3.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6515496", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6515496 (Security Key Lifecycle Manager)", "url": "https://www.ibm.com/support/pages/node/6515496"}, {"name": "https://www.ibm.com/support/pages/node/6538700", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6538700 (AIX)", "url": "https://www.ibm.com/support/pages/node/6538700"}, {"name": "ibm-aix-cve202138990-code-exec (212952)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212952"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38990", "datePublished": "2022-01-06T00:00:00", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2022-01-07T17:55:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F61BE89-FBDE-4312-8422-86D1A9F57C9E", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "0402E20C-8B41-4A2A-BFF9-92EC843985F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952."}, {"lang": "es", "value": "IBM AIX versiones 7.1, 7.2 y VIOS versi\u00f3n 3.1, podr\u00edan permitir a un usuario local no privilegiado explotar una vulnerabilidad en el comando mount que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo. IBM X-Force ID: 212952"}], "id": "CVE-2021-38990", "lastModified": "2022-01-13T20:39:01.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-10T14:10:20.713", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212952"}, {"source": "psirt@us.ibm.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6515496"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6538700"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}