PatchSiren

PatchSiren cyber security CVE debrief

CVE-2021-41617 NetApp CVE debrief

CVE-2021-41617 is a local privilege-escalation issue in OpenSSH sshd that affects versions 6.2 through 8.x before 8.8, and only when specific non-default configuration options are used. In the affected setup, helper programs launched through AuthorizedKeysCommand or AuthorizedPrincipalsCommand, when configured to run as a different user (the AuthorizedKeysCommandUser and AuthorizedPrincipalsCommandUser directives), run with the supplemental groups of the sshd process instead of the group set of the configured user. Depending on which groups sshd was started with, the helper can end up with privileges it was never meant to have, which is the escalation path NVD describes.

Vendor
NetApp (downstream advisory ntap-20211014-0004 for the upstream OpenSSH issue)
Product
OpenSSH sshd, 6.2 through 8.x before 8.8, as shipped in affected NetApp products
CVSS
7.0 High (CVSS 3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CISA KEV
Not listed in stored evidence
Original CVE published
2021-09-26
Original CVE updated
2026-05-12
Advisory published
2021-09-26
Advisory updated
2026-05-12

Who should care

Administrators of systems running OpenSSH sshd, especially where AuthorizedKeysCommand or AuthorizedPrincipalsCommand is configured to run as a different user. This also matters to vendors and platform owners that ship OpenSSH in appliances or bundled management components, as reflected by the NVD references and downstream advisories.

Technical summary

The NVD description says sshd in OpenSSH 6.2 through 8.x before 8.8 can escalate privileges because supplemental groups are not initialized as expected. The issue is conditional on non-default configurations: when AuthorizedKeysCommand or AuthorizedPrincipalsCommand is set and the matching *User directive names a different account, sshd should run the helper with that account's uid, gid and supplemental groups, but affected versions leave the helper with the group memberships sshd itself was started with. Neither directive is enabled in the default sshd_config, so stock installs are not exposed. NVD rates the issue CVSS 3.1 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H): local access is required, attack complexity is high, and the impact depends on what those inherited groups can reach on the host.

Defensive priority

High for any environment using the affected sshd helper-command configuration; otherwise medium because exposure is configuration-dependent and requires local access.

Recommended defensive actions

  • Upgrade OpenSSH to a fixed release at or above 8.8, or install vendor-provided updates that incorporate the fix.
  • Audit the effective sshd configuration (sshd -T, adding -C user=...,host=...,addr=... to resolve Match blocks) for AuthorizedKeysCommand and AuthorizedPrincipalsCommand, and note which account each *User directive names.
  • Review the account named in AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser and the groups of the account sshd starts under; the helper account should be a dedicated unprivileged user with no other role on the host, and sshd should not carry supplemental groups it does not need.
  • Apply downstream vendor advisories and package updates referenced in NVD for affected distributions and appliances.
  • Validate that only intended administrative workflows rely on these helper-command directives, and disable them if they are not required.
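The audit and version checks above, as an added example that is not code from OpenSSH, NetApp or this page: a POSIX shell script that reads an sshd_config or an sshd -T dump, reports whether AuthorizedKeysCommand or AuthorizedPrincipalsCommand is configured to run as a non-root user, and classifies an ssh -V version string against the 6.2 to 8.7 affected range. The sample configuration, the helper path /usr/local/bin/fetch-keys and the account name sshkeys are constructed for the demo.

```shell
#!/bin/sh
# Added example (not code from OpenSSH, NetApp or this page): audit an sshd
# configuration for the CVE-2021-41617 precondition and check the OpenSSH
# version against the 8.8 fix. Works on a raw sshd_config or, better, on the
# effective configuration printed by `sshd -T`. The sample config at the
# bottom is constructed for the demo.

# Is the version string from `ssh -V` (e.g. "OpenSSH_8.4p1 Debian-5") inside
# the affected range 6.2 <= version < 8.8?
# Returns 0 = affected, 1 = not affected, 2 = string not recognised.
openssh_version_vulnerable() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    # older than 6.2: before the bug was introduced
    if [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 2 ]; }; then
        return 1
    fi
    # 6.2 up to 8.7: affected; 8.8 and later: fixed
    if [ "$major" -lt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -lt 8 ]; }; then
        return 0
    fi
    return 1
}

# Print the value of one keyword from an sshd_config or `sshd -T` dump.
# Keywords match case-insensitively (sshd -T lowercases them), comment lines
# are skipped, and the value "none" (what sshd -T prints for an unset string
# option) is treated as unset, so nothing is printed for it.
sshd_option() {
    awk -v k="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == k {
            sub(/^[^ \t]+[ \t]+/, "")
            if (tolower($0) != "none") print
            exit
        }' "$1"
}

# Check both helper-command directives. Prints one line per finding and
# returns 0 when the CVE-2021-41617 pattern is present (a helper command is
# configured and its *User directive names an account other than root, i.e.
# the helper runs as a different user than sshd), otherwise 1.
audit_helper_commands() {
    cfg=$1
    found=1
    for kw in authorizedkeyscommand authorizedprincipalscommand; do
        cmd=$(sshd_option "$cfg" "$kw")
        [ -n "$cmd" ] || continue
        user=$(sshd_option "$cfg" "${kw}user")
        if [ -z "$user" ]; then
            printf 'INFO  %s=%s has no %suser line here; confirm the effective value with sshd -T\n' "$kw" "$cmd" "$kw"
        elif [ "$user" = root ]; then
            printf 'INFO  %s=%s runs as root; not the group-inheritance case, but a root helper deserves review\n' "$kw" "$cmd"
        else
            printf 'RISK  %s=%s runs as %s: before OpenSSH 8.8 it inherits the supplemental groups of sshd\n' "$kw" "$cmd" "$user"
            found=0
        fi
    done
    return $found
}

# --- demo on a constructed sshd -T style dump ---
demo_cfg=$(mktemp)
cat >"$demo_cfg" <<'EOF'
port 22
authorizedkeyscommand /usr/local/bin/fetch-keys %u
authorizedkeyscommanduser sshkeys
authorizedprincipalscommand none
authorizedprincipalscommanduser none
EOF
audit_helper_commands "$demo_cfg"
if openssh_version_vulnerable "OpenSSH_8.4p1 Debian-5+deb11u1"; then
    echo "RISK  OpenSSH version is in the affected range; upgrade to 8.8 or a vendor-patched build"
fi
rm -f "$demo_cfg"
```

On a live host, save the effective configuration with sshd -T (adding -C user=...,host=...,addr=... so Match blocks are applied), point audit_helper_commands at that file, and pass the output of ssh -V 2>&1 to openssh_version_vulnerable; a version in range together with a RISK line is the combination that needs the upgrade or a vendor backport. The version check only looks at the upstream major.minor, so a distribution that backported the fix into an older package version will still be reported as affected and must be confirmed against the vendor advisory.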

Evidence notes

This debrief is based only on the supplied NVD record and its referenced advisories. NVD states the vulnerable range is OpenSSH 6.2 through 8.x before 8.8 and that the issue occurs only with certain non-default configurations involving AuthorizedKeysCommand and AuthorizedPrincipalsCommand. The reference list includes the OpenSSH security page and release notes, SUSE bug 1190975, Debian LTS and Debian security notices, Fedora package advisories, NetApp advisory ntap-20211014-0004, Oracle CPU notices, a StarWind advisory, and a Tenable plugin entry.

Official resources

Publicly disclosed on 2021-09-26 19:15:07 UTC. The supplied NVD record was last modified on 2026-05-12 10:16:36 UTC.