We received a bulletin on CVE-2021-4034 (“PwnKit”), which is affecting Debian Linux. Since PAM appliances run on Debian, we need to know if we are impacted by this vulnerability and when to expect remediation, if needed.
Release: 4.x
CVE-2021-4034 is a vulnerability in the policykit package on Linux (in pkexec) that can allow an authenticated user to escalate privileges.
This is not a vulnerability for Symantec PAM, as no access is provided to end users. The only access provided is strictly to Broadcom Support engineers, who will already use the root account.