7.4
CVE-2021-20322
- EPSS 6.85%
- Veröffentlicht 18.02.2022 18:15:09
- Zuletzt bearbeitet 21.11.2024 05:46:22
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 5.14.21
Fedoraproject ≫ Fedora Version34
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ E-series Santricity Os Controller Version >= 11.0 <= 11.70.1
Netapp ≫ Solidfire & Hci Management Node Version-
Netapp ≫ Aff A700s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H700e Firmware Version-
Netapp ≫ H500s Firmware Version-
Netapp ≫ H410s Firmware Version-
Netapp ≫ H500e Firmware Version-
Netapp ≫ H300e Firmware Version-
Netapp ≫ H300s Firmware Version-
Netapp ≫ Hci Compute Node Firmware Version-
Oracle ≫ Communications Cloud Native Core Binding Support Function Version22.1.3
Oracle ≫ Communications Cloud Native Core Network Exposure Function Version22.1.1
Oracle ≫ Communications Cloud Native Core Policy Version22.2.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.85% | 0.933 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://www.debian.org/security/2022/dsa-5096
https://bugzilla.redhat.com/show_bug.cgi?id=2014230
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43
https://security.netapp.com/advisory/ntap-20220303-0002/