CVE-2021-27893

7.0 HIGH

📋 TL;DR

This vulnerability allows local privilege escalation on Windows systems running SSH Tectia Client and Server in nonstandard conditions. It affects ConnectSecure on Windows, enabling attackers with local access to elevate privileges to SYSTEM level. Only Windows installations with specific nonstandard configurations are vulnerable.

💻 Affected Systems

Products:
  • SSH Tectia Client
  • SSH Tectia Server
  • ConnectSecure
Versions: All versions before 6.4.19
Operating Systems: Windows
Default Config Vulnerable: ✅ No
Notes: Only vulnerable in nonstandard conditions; default configurations may not be affected. Specifically affects ConnectSecure on Windows installations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains SYSTEM privileges, enabling complete system compromise, credential theft, persistence establishment, and lateral movement capabilities.

🟠 Likely Case

Local user or malware with initial access escalates to administrative privileges, allowing installation of additional malware, disabling security controls, and accessing sensitive data.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to isolated systems; privilege escalation attempts are detected and contained.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access; internet-facing systems are not directly vulnerable unless attackers first gain local access through other means.
🏢 Internal Only: MEDIUM - Internal systems with vulnerable SSH Tectia installations and local user access could be compromised, but requires specific nonstandard configurations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and specific nonstandard configurations. No public exploit code has been released as of available information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.19

Vendor Advisory: https://info.ssh.com/tectia-vulnerability-cve-2021-27893

Restart Required: Yes

Instructions:

1. Download SSH Tectia version 6.4.19 or later from SSH.com.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart affected services or the system.
5. Verify that the update succeeded.

🔧 Temporary Workarounds

Restrict Local Access (Windows)

Limit local user access to systems running vulnerable SSH Tectia installations

Review Configuration (Windows)

Audit and revert any nonstandard SSH Tectia configurations to default settings

🧯 If You Can't Patch

  • Implement strict local access controls and monitoring on affected systems
  • Isolate vulnerable systems from critical network segments and data

🔍 How to Verify

Check if Vulnerable:

Check SSH Tectia version on Windows systems: version must be 6.4.19 or higher to be patched

Check Version:

Check SSH Tectia application properties or documentation for version information

Verify Fix Applied:

Verify installed version is 6.4.19 or later and review configuration for nonstandard settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • SSH Tectia service restarts or failures
  • Unexpected local user activity

Network Indicators:

  • Unusual SSH connections from localhost
  • Anomalous authentication patterns

SIEM Query:

Search for events related to SSH Tectia service modifications, privilege escalation attempts, or unusual local user activity on Windows systems
