On Tuesday, January 25, 2022, Qualys released a vulnerability and exploit that permits privilege escalation in pkexec. This vulnerability is known as PwnKit (CVE-2021-4034) and allows any unprivileged user on the system to run commands as another user including root (administrator) accounts. Qualys waited for operating system owners to release patches before releasing the vulnerabilities. Major Linux distributions have had patches released for several weeks. Appliances that run on top of Linux distributions could still be at risk if they have pkexec installed.
Qualys has verified the following systems have this vulnerability exploit:
Coretek will continue to monitor this vulnerability development and deploy patches for supported Managed Services customers' devices and servers, per the established patching schedule.
Patching is advised for Linux systems and appliances, or containers based on Linux. Your patching schedule should take into consideration your perceived level of risk, risk appetite, Business Impact Analysis, and exposure to the internet or breadth of untrusted third parties.
Ensure Linux OS patches are applied, and if they are not, prioritize systems that are sensitive, high-risk, or externally exposed.
If you’re an existing Coretek customer and your organization does not patch Linux systems, consider reaching out to your Coretek Delivery Manager to patch these systems soon.
Ensure that default and guest logins are disabled on all systems. Have a process to change all default credentials on a system before the system is put into production or before that system can be used to access sensitive information.
To identify which systems on your network are vulnerable to PwnKit, run a vulnerability scanner. Scanners such as Qualys and Tenable Nessus have indicators for this vulnerability.
If you are a Coretek customer, have any questions about Coretek remediation actions or your support agreements with Coretek, or are a visitor who would like more information, please use the button to get in touch below.