Cyber Posture

CVE-2021-27285

High · Public PoC

Published: 06 January 2025

Modified: 05 September 2025
KEV Added
Patch
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (35.1th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Description

An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.

Security Summary

CVE-2021-27285 is a vulnerability discovered in Inspur ClusterEngine version 4.0. The issue enables attackers to escalate local privileges and execute arbitrary commands by targeting the /opt/tsce4/torque6/bin/getJobsByShell component. It is associated with CWE-276 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

Exploitation requires only local access to the system: no privileges, low attack complexity, and no user interaction. Upon successful exploitation, the attacker can achieve privilege escalation, allowing execution of arbitrary commands with elevated permissions.

Mitigation details and further technical information, including potential patches or workarounds, are available in the referenced GitHub repository at https://github.com/fjh1997/CVE-2021-27285.

Details

CWE(s)
CWE-276

Affected Products

Vendor: inspur
Product: clusterengine
Version: 4.0

References