Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
On January 25th, 2022, a new vulnerability impacting Polkit’s pkexec program was disclosed. Polkit’s pkexec is included by default in all major Linux distributions. The vulnerability is tracked as CVE-2021-4034 (CVSS: 7.8) and allows for Local Privilege Escalation. Exploitation would enable a threat actor, with previous access to a vulnerable device, to escalate their privileges to full root privileges.
Exploitation of CVE-2021-4034 has not been identified at this time. eSentire has confirmed that functioning Proof-of-Concept exploit code is publicly available. Organizations are strongly encouraged to ensure that impacted systems are patched as soon as possible, as exploitation is expected in the immediate future.
Polkit’s pkexec is used to control system-wide privileges in Linux operating systems. It is meant to allow authorized users to run commands as the super user.
Exploitation has been tested and confirmed against Ubuntu, Debian, Fedora, and CentOS Linux distributions. Each impacted Linux distribution will be required to release their own updates to address CVE-2021-4034. Vendor responses can be found in the following links:
This list is expected to expand as distributions address CVE-2021-4034.
Exploits for CVE-2021-4034 are being widely shared by both researchers and threat actors. eSentire assesses, with high confidence, that this vulnerability will be adopted by threat actors for real world exploitation in a matter of days.
References:
[1] https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
[2] https://linux.die.net/man/1/pkexec
[3] https://access.redhat.com/security/cve/CVE-2021-4034
[4] https://ubuntu.com/security/CVE-2021-4034
[5] https://security-tracker.debian.org/tracker/CVE-2021-4034